VYPR

Product Customizer

by WordPress

CVEs (2)

  • CVE-2026-3594MedApr 8, 2026
    risk 0.34cvss 5.3epss 0.00

    The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to…

  • CVE-2024-9848Oct 18, 2024
    risk 0.00cvss epss 0.00

    The Product Customizer Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with…