CVE-2026-3594 - Vulnerability Details

- Riaxe Product Customizer <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint

Description

The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no authentication or authorization checks are performed. The endpoint queries WooCommerce order data from the database and returns it to the requester, including customer first and last names, customer IDs, order IDs, order totals, order dates, currencies, and order statuses. This makes it possible for unauthenticated attackers to extract sensitive customer and order information from the WooCommerce store.

Published: 2026-04-08

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Riaxe Product Customizer plugin for WordPress contains an unauthenticated endpoint that returns sensitive WooCommerce order data. The '/wp-json/InkXEProductDesignerLite/orders' API endpoint is registered with a 'permission_callback' set to '__return_true', which effectively bypasses any authentication or authorization checks. As a result, any user—without credentials—can retrieve customer first and last names, customer IDs, order IDs, totals, dates, currencies, and statuses, exposing confidential purchase information.

Affected Systems

WordPress sites that have the Riaxe Product Customizer plugin installed and running a version up to and including 2.4 are affected. The vulnerability applies to all such installations regardless of theme or other plugins.

Risk and Exploitability

With a CVSS base score of 5.3, the issue presents moderate severity, but the lack of authentication makes exploitation trivial for remote attackers. No EPSS score is available to gauge current exploitation rate, and the vulnerability is not listed in the CISA KEV. It poses a significant risk of exposing customer data, especially on high‑traffic stores, and can lead to privacy breaches or financial fraud if attackers later misuse the data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

imprintnext

Riaxe Product Customizer

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.4

No data.

Vendor Product Confidence Versions

Imprintnext

Riaxe Product Customizer

100%

Version	Status	Scheme	Platform
`[0,2.4]`	affected	semver	—

Wordpress

80%

Version	Status	Scheme	Platform
`—`	unaffected	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Riaxe Product Customizer to a version newer than 2.4 (if available).
If an upgrade is not immediately feasible, block or restrict access to the '/wp-json/InkXEProductDesignerLite/orders' endpoint using security plugins, firewall rules, or server‑side access controls.
Verify that the API’s permission callback requires authentication and that only authorized users can access order data.

Generated by OpenCVE AI on April 8, 2026 at 08:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00085.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L1101
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L2809
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L2820
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L986
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L1101
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2809
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2820
https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L986
https://www.wordfence.com/threat-intel/vulnerabilities/id/2ffd6393-6604-48d9-ba22-7d989305e9ed?source=cve

History

Wed, 08 Apr 2026 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imprintnext Imprintnext riaxe Product Customizer Wordpress Wordpress wordpress
Vendors & Products		Imprintnext Imprintnext riaxe Product Customizer Wordpress Wordpress wordpress

Wed, 08 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 08 Apr 2026 07:00:00 +0000

Type	Values Removed	Values Added
Description		The Riaxe Product Customizer plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4 via the '/wp-json/InkXEProductDesignerLite/orders' REST API endpoint. The endpoint is registered with 'permission_callback' set to '__return_true', meaning no authentication or authorization checks are performed. The endpoint queries WooCommerce order data from the database and returns it to the requester, including customer first and last names, customer IDs, order IDs, order totals, order dates, currencies, and order statuses. This makes it possible for unauthenticated attackers to extract sensitive customer and order information from the WooCommerce store.
Title		Riaxe Product Customizer <= 2.4 - Unauthenticated Sensitive Information Disclosure via '/orders' REST API Endpoint
Weaknesses		CWE-200
References		https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L1101 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L2809 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L2820 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/tags/2.4/riaxe-product-designer.php#L986 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L1101 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2809 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L2820 https://plugins.trac.wordpress.org/browser/riaxe-product-customizer/trunk/riaxe-product-designer.php#L986 https://www.wordfence.com/threat-intel/vulnerabilities/id/2ffd6393-6604-48d9-ba22-7d989305e9ed?source=cve
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}`

Subscriptions

Imprintnext Riaxe Product Customizer

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2026-04-08T06:43:37.586Z

Updated: 2026-04-08T16:44:44.782Z

Reserved: 2026-03-05T13:17:53.691Z

Link: CVE-2026-3594

Vulnrichment

Updated: 2026-04-08T14:48:04.905Z

NVD

Status : Deferred

Published: 2026-04-08T07:16:21.620

Modified: 2026-04-27T19:04:22.650

Link: CVE-2026-3594

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:43:48Z

Weaknesses

CWE-200

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object