
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an una…

Published:

15 April 2026 at 22:00:00

Alert date:

16 April 2026 at 07:01:44

Source:

nvd.nist.gov


Web Technologies

The Riaxe Product Customizer WordPress plugin (versions up to 2.1.2) contains a critical privilege escalation vulnerability. An unauthenticated AJAX action 'wp_ajax_nopriv_install-imprint' maps to the ink_pd_add_option() function, which processes POST data without proper validation. The function reads 'option' and 'opt_value' parameters and calls delete_option() followed by add_option() without nonce verification, capability checks, or option name allowlisting. This allows unauthenticated attackers to modify arbitrary WordPress options, enabling privilege escalation by activating user registration and setting the default role to administrator.
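The three controls the description says are missing (nonce verification, a capability check, and an option-name allowlist) look like this in a WordPress AJAX handler. This is an added example, not the plugin's code or its vendor's fix: every `riaxe_example_*` name, the nonce action and the allowlist entries are hypothetical, and the snippet assumes it is loaded from a plugin file inside WordPress.

```php
<?php
// Added example: hardened shape for an option-writing AJAX handler.
// All riaxe_example_* identifiers and option names are hypothetical.

// Only options this feature owns may be written (constructed names).
const RIAXE_EXAMPLE_ALLOWED_OPTIONS = array(
    'riaxe_example_api_url',
    'riaxe_example_store_id',
);

// Register for logged-in users only: there is no wp_ajax_nopriv_* hook,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_riaxe_example_save_option', 'riaxe_example_save_option' );

function riaxe_example_save_option() {
    // 1. Nonce verification: rejects forged cross-site requests.
    //    check_ajax_referer() terminates the request when the nonce is invalid.
    check_ajax_referer( 'riaxe_example_save_option', 'nonce' );

    // 2. Capability check: only users allowed to manage site options proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Allowlist: the option name is compared strictly against a fixed list,
    //    so core options can never be selected by the caller.
    $option = isset( $_POST['option'] )
        ? sanitize_key( wp_unslash( $_POST['option'] ) )
        : '';
    if ( ! in_array( $option, RIAXE_EXAMPLE_ALLOWED_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'Option not allowed' ), 400 );
    }

    $value = isset( $_POST['opt_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['opt_value'] ) )
        : '';

    // update_option() replaces the delete_option()/add_option() pair in one call.
    update_option( $option, $value, false );
    wp_send_json_success( array( 'option' => $option ) );
}
```

The allowlist is the control that bounds the damage: even if the nonce or capability check were bypassed, the handler could only write the listed plugin-owned options.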

Technical details

Mitigation steps:

Affected products:

WordPress
Riaxe Product Customizer

Related links:

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
