Description
The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied parameter and insufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2026-04-16
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection (unauthenticated)
Action: Immediate Patch
AI Analysis

Impact

The Riaxe Product Customizer WordPress plugin contains a significant SQL injection flaw. Unauthenticated users can supply crafted input through the 'options' parameter keys in the 'product_data' object of the add-item-to-cart REST endpoint. The plugin fails to properly escape or prepare the SQL query, allowing attackers to inject additional SQL statements and gain unauthorized access to database content. This vulnerability directly compromises confidentiality of sensitive data such as user credentials, orders, and site configuration.

Affected Systems

The flaw affects all installations of the imprintnext Riaxe Product Customizer plugin through version 2.1.2. Site owners running any of these versions of the plugin are at risk unless the plugin is updated or otherwise mitigated.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, indicating a high severity. Although the EPSS score is not available, the lack of authentication requirements and the existence of a publicly documented exploitation path mean that attackers can act immediately once a site is discovered. The vulnerability is not currently listed in the CISA KEV catalog, but the potential for widespread exploitation remains high.

Generated by OpenCVE AI on April 16, 2026 at 08:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Riaxe Product Customizer to the latest version that removes the unescaped query handling.
  • Configure the WordPress REST API to require authentication for the /wp-json/InkXEProductDesignerLite/add-item-to-cart endpoint, or block the endpoint entirely via .htaccess or a host firewall.
  • Implement strict input validation and use prepared statements for any custom database interactions in the plugin; review and sanitize the 'options' parameter before use.
  • Deploy a web application firewall rule to detect and block SQL injection payloads targeting the add-item-to-cart API.
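Added example (not the plugin's own code) of the third recommended action above: a WordPress REST handler that validates the 'options' keys in product_data against a fixed allowlist and passes the values through $wpdb->prepare(). It assumes a hypothetical table {$wpdb->prefix}pd_cart_items with one column per allowed option key and a hypothetical route namespace; the point it shows is that prepare() only parameterises values, so option keys used as identifiers must be allowlisted, not escaped.

```php
<?php
// Added example, not the plugin's code. Assumed table: {$wpdb->prefix}pd_cart_items
// with columns named after the allowed option keys plus product_id.
const PD_ALLOWED_OPTION_KEYS = array( 'color', 'size', 'material', 'print_side' );

// Returns array( $assignments, $params ) or a WP_Error when any key is not allowlisted.
function pd_build_option_assignments( $options ) {
    if ( ! is_array( $options ) || empty( $options ) ) {
        return new WP_Error( 'no_options', 'options must be a non-empty object', array( 'status' => 400 ) );
    }
    $assignments = array();
    $params      = array();
    foreach ( $options as $key => $value ) {
        // Keys become SQL identifiers; a placeholder cannot protect them, so reject anything unknown.
        if ( ! in_array( $key, PD_ALLOWED_OPTION_KEYS, true ) ) {
            return new WP_Error( 'bad_option_key', 'Unknown option key', array( 'status' => 400 ) );
        }
        $assignments[] = "`{$key}` = %s";                        // identifier from allowlist only
        $params[]      = sanitize_text_field( (string) $value ); // value goes through a placeholder
    }
    return array( $assignments, $params );
}

function pd_add_item_to_cart( WP_REST_Request $request ) {
    global $wpdb;
    $product_data = (array) $request->get_param( 'product_data' );
    $product_id   = isset( $product_data['product_id'] ) ? absint( $product_data['product_id'] ) : 0;
    if ( 0 === $product_id ) {
        return new WP_Error( 'bad_product', 'Missing product_id', array( 'status' => 400 ) );
    }
    $built = pd_build_option_assignments( isset( $product_data['options'] ) ? $product_data['options'] : null );
    if ( is_wp_error( $built ) ) {
        return $built;
    }
    list( $assignments, $params ) = $built;
    $params[] = $product_id;
    // prepare() accepts the argument list as an array; every %s/%d is escaped for MySQL.
    $sql = $wpdb->prepare(
        "UPDATE {$wpdb->prefix}pd_cart_items SET " . implode( ', ', $assignments ) . ' WHERE product_id = %d',
        $params
    );
    $wpdb->query( $sql );
    return rest_ensure_response( array( 'product_id' => $product_id, 'updated' => $wpdb->rows_affected ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example-designer/v1', '/add-item-to-cart', array(
        'methods'             => 'POST',
        'callback'            => 'pd_add_item_to_cart',
        'permission_callback' => 'is_user_logged_in', // second recommended action: require authentication
    ) );
} );
```

A request whose options object carries a key outside the allowlist is refused with HTTP 400 before any SQL is built, which is the check the advisory's description says the affected versions lack.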

Generated by OpenCVE AI on April 16, 2026 at 08:55 UTC.

Tracking


Advisories

No advisories yet.

History

Thu, 16 Apr 2026 14:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Apr 2026 09:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Imprintnext; Imprintnext riaxe Product Customizer; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Imprintnext; Imprintnext riaxe Product Customizer; Wordpress; Wordpress wordpress

Thu, 16 Apr 2026 05:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST API endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied parameter and insufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Type: Title
Values Removed: (none)
Values Added: Riaxe Product Customizer <= 2.1.2 - Unauthenticated SQL Injection via 'options' Parameter Keys in product_data

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-89

Type: References

Type: Metrics (cvssV3_1)
Values Removed: (none)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Subscriptions

Imprintnext Riaxe Product Customizer
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-16T12:58:22.965Z

Reserved: 2026-03-05T13:45:31.001Z

Link: CVE-2026-3599

Vulnrichment

Updated: 2026-04-16T12:58:19.685Z

NVD

Status : Received

Published: 2026-04-16T06:16:17.063

Modified: 2026-04-16T06:16:17.063

Link: CVE-2026-3599

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T09:11:46Z

Weaknesses