WordPress Riaxe Plugin Rife with SQLi Vulnerability

The National Vulnerability Database (NVD) has flagged a critical SQL Injection vulnerability, CVE-2026-3599, impacting the Riaxe Product Customizer plugin for WordPress. This flaw, present in all versions up to and including 2.1.2, resides within the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint.

According to NVD, the vulnerability stems from inadequate escaping of user-supplied parameters and insufficient preparation of existing SQL queries. This oversight allows unauthenticated attackers to inject malicious SQL queries via the 'options' parameter keys within 'product_data'. Such an attack could enable the extraction of sensitive information directly from the database, posing a significant risk to data confidentiality. The NVD assigned a CVSS score of 7.5 (HIGH) to this vulnerability, emphasizing its potential impact.
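The defect class described above is user-controlled array keys reaching the SQL text, while only the values are parameterized. The following is an added illustrative example and is not code from the Riaxe Product Customizer plugin: it contrasts a hypothetical vulnerable handler with a hardened equivalent that validates option keys against an allow-list and routes every user-supplied piece through $wpdb->prepare() placeholders. The route namespace, table and column names, the option schema and all function names are assumptions made for the example.

```php
<?php
// Added illustrative example, not code from the Riaxe plugin. Table name,
// column names, option schema and route namespace are all hypothetical.

/**
 * VULNERABLE PATTERN (hypothetical). The caller controls both the keys and
 * the values of $product_data['options']. The value goes through prepare(),
 * but the key is spliced straight into the SQL string, so a crafted key
 * changes the query rather than the data.
 */
function demo_insert_options_vulnerable( array $product_data ) {
    global $wpdb;
    $table = $wpdb->prefix . 'demo_cart_options'; // hypothetical table
    foreach ( $product_data['options'] as $key => $value ) {
        $sql = $wpdb->prepare(
            "INSERT INTO {$table} (product_id, option_key, option_value) VALUES (%d, '{$key}', %s)",
            (int) $product_data['product_id'],
            $value
        );
        $wpdb->query( $sql );
    }
}

// Hypothetical schema: the only option keys the feature actually supports.
const DEMO_ALLOWED_OPTION_KEYS = array( 'color', 'size', 'text', 'font' );

/**
 * HARDENED PATTERN. Keys are normalised with sanitize_key() and rejected
 * unless they are on the allow-list; key and value are both bound through
 * prepare() placeholders, so no user input ever becomes part of the SQL text.
 */
function demo_insert_options_hardened( array $product_data ) {
    global $wpdb;
    $table      = $wpdb->prefix . 'demo_cart_options';
    $product_id = absint( $product_data['product_id'] ?? 0 );
    if ( 0 === $product_id || ! is_array( $product_data['options'] ?? null ) ) {
        return new WP_Error( 'invalid_input', 'product_id and options are required.', array( 'status' => 400 ) );
    }
    foreach ( $product_data['options'] as $key => $value ) {
        $key = sanitize_key( (string) $key );
        if ( ! in_array( $key, DEMO_ALLOWED_OPTION_KEYS, true ) ) {
            return new WP_Error( 'invalid_option', 'Unknown option key rejected.', array( 'status' => 400 ) );
        }
        $wpdb->query(
            $wpdb->prepare(
                "INSERT INTO {$table} (product_id, option_key, option_value) VALUES (%d, %s, %s)",
                $product_id,
                $key,
                sanitize_text_field( (string) $value )
            )
        );
    }
    return true;
}

/**
 * Registering the (hypothetical) public add-to-cart route. Guests legitimately
 * add items to a cart, so the route stays unauthenticated; the defence is the
 * shape check on product_data here plus the key allow-list above.
 */
add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/add-item-to-cart', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',
        'args'                => array(
            'product_data' => array(
                'required'          => true,
                'validate_callback' => function ( $value ) {
                    return is_array( $value )
                        && isset( $value['product_id'], $value['options'] )
                        && is_array( $value['options'] );
                },
            ),
        ),
        'callback'            => function ( WP_REST_Request $request ) {
            $result = demo_insert_options_hardened( $request->get_param( 'product_data' ) );
            return is_wp_error( $result ) ? $result : rest_ensure_response( array( 'added' => true ) );
        },
    ) );
} );
```

The important design point is that escaping is not the primary control for identifiers such as option keys: an allow-list bounds the key to a known schema, and the value placeholders in prepare() handle the data. Rejecting unknown keys with a 400 also gives a clean log signal for attempts that probe the endpoint with unexpected keys.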

Related ATT&CK Techniques

T1190 (Initial Access, severity high): Web Application Exploitation Attempt — CVE-2026-3599

Indicators of Compromise

ID            | Type | Indicator
CVE-2026-3599 | SQLi | Riaxe Product Customizer plugin for WordPress, versions <= 2.1.2
CVE-2026-3599 | SQLi | /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint
CVE-2026-3599 | SQLi | Vulnerable parameter: 'options' parameter keys within 'product_data'
