What the vulnerability does
01 Description
The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopriv_install-imprint') that maps to the ink_pd_add_option() function. This function reads 'option' and 'opt_value' from $_POST, then calls delete_option() followed by add_option() using these attacker-controlled values without any nonce verification, capability checks, or option name allowlist. This makes it possible for unauthenticated attackers to update arbitrary WordPress options, which can be leveraged for privilege escalation by enabling user registration and setting the default user role to administrator.
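As an added illustration (not code from the plugin or from this advisory), the handler shape the description gives, reconstructed from the text, beside a hardened form; the nonce action name, the allowlist entries and the hardened function name are assumptions:

```php
<?php
// Vulnerable shape as the advisory describes it. Only the hook name, function
// name and the two POST fields come from the advisory; the body is reconstructed.
add_action( 'wp_ajax_nopriv_install-imprint', 'ink_pd_add_option' );
function ink_pd_add_option() {
    $option = $_POST['option'];        // attacker-controlled option name
    $value  = $_POST['opt_value'];     // attacker-controlled option value
    delete_option( $option );          // no nonce, no capability check,
    add_option( $option, $value );     // no allowlist of option names
    wp_die();
}

// Hardened equivalent (hypothetical names). Registered on the authenticated
// wp_ajax_ hook only, so logged-out requests never reach the handler.
add_action( 'wp_ajax_install-imprint', 'ink_pd_add_option_hardened' );
function ink_pd_add_option_hardened() {
    // 1. CSRF protection: the page that issues the request must embed a nonce
    //    created with wp_create_nonce( 'ink_pd_install_imprint' ).
    check_ajax_referer( 'ink_pd_install_imprint', '_ajax_nonce' );

    // 2. Authorization: writing options is an administrator-level action.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: only this plugin's own option names may be written,
    //    so users_can_register / default_role can never be targeted.
    $allowed = array( 'ink_pd_imprint_enabled', 'ink_pd_imprint_label' ); // hypothetical
    $option  = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! in_array( $option, $allowed, true ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Sanitize the value and use update_option(), which creates or updates
    //    the row in one call instead of delete_option() + add_option().
    $value = isset( $_POST['opt_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['opt_value'] ) )
        : '';
    update_option( $option, $value );
    wp_send_json_success();
}
```

A plugin that genuinely needs unauthenticated writes should still keep the allowlist and nonce; the capability check is what cannot be satisfied by a logged-out request, which is why the nopriv hook is dropped here.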
Explanation of Vulnerability in Simple Terms
02 Summary
Riaxe Product Customizer versions 2.1.2 and earlier lack proper authorization checks, allowing unauthenticated attackers to read, modify, or delete data without restriction. The vulnerability affects the confidentiality, integrity, and availability of the application. No user interaction is required; exploitation occurs over the network.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete any data in the application without authentication.
Potential impact on your site
04 Site Impact
Complete compromise of data confidentiality, integrity, and availability if this product is deployed on your site.
Conditions required to exploit
05 Prerequisites
Network access only; no authentication or user interaction required.
Key dates
06 Disclosure timeline
April 16, 2026: CVE published
April 16, 2026: Record updated