CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is
Image via images.unsplash.com
CVE-2026-3595 — The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission_callback
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-3595 | vulnerability | CVE-2026-3595 |
| CWE-862 | weakness | CWE-862 |
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 16, 2026 at 09:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Rsync Vulnerability Exposes Users to Use-After-Free Flaw
CVE-2026-41035 — In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim...
CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted
CVE-2026-41034 — ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and...
CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update
CVE-2026-41030 — In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges.