<0.1% probability · 16.4th percentile — 2026-05-12
Affected versions
Riaxe Product Customizer plugin for WordPress, all versions up to and including 2.1.2
Summary
The Riaxe Product Customizer WordPress plugin contains an unauthenticated privilege escalation vulnerability. Its unprotected AJAX action allows attackers to modify arbitrary WordPress options without any authentication, capability checks, or nonce validation. Attackers can leverage this flaw to enable user registration and set the default user role to administrator, taking full control of the site.
Remediation
Update the Riaxe Product Customizer plugin to a patched version immediately. If no patch is available, remove the plugin from your WordPress installation to eliminate the vulnerability.
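A triage check for the outcome the summary describes, added here as an example (not code from the plugin or from this advisory): it reads the JSON printed by `wp option list --format=json` and `wp user list --role=administrator --format=json`, then flags open registration, a privileged default role, and administrator accounts registered on or after a review date. The sample data, the review date and the function names are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample of `wp option list --format=json` output (not from a real site).
SAMPLE_OPTIONS = json.dumps([
    {"option_name": "blogname", "option_value": "Example Shop"},
    {"option_name": "users_can_register", "option_value": "1"},
    {"option_name": "default_role", "option_value": "administrator"},
])
# Constructed sample of `wp user list --role=administrator --format=json` output.
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "owner", "user_registered": "2021-03-04 10:00:00"},
    {"ID": 57, "user_login": "newuser57", "user_registered": "2026-05-13 02:14:09"},
])

# Roles that should never be handed out automatically at registration.
PRIVILEGED_ROLES = {"administrator", "editor"}

def triage_options(options_json):
    """Return findings for the two options the advisory says attackers change."""
    opts = {o["option_name"]: str(o["option_value"]) for o in json.loads(options_json)}
    open_reg = opts.get("users_can_register") == "1"
    role = opts.get("default_role", "subscriber")  # WordPress default is subscriber
    findings = []
    if open_reg:
        findings.append("users_can_register=1: anyone can create an account")
    if role in PRIVILEGED_ROLES:
        findings.append(f"default_role={role}: new accounts get a privileged role")
    if open_reg and role == "administrator":
        findings.append("CRITICAL: self-registration yields administrator accounts")
    return findings

def admins_registered_since(admins_json, since):
    """List administrator logins registered on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [u["user_login"] for u in json.loads(admins_json)
            if datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S") >= cutoff]

if __name__ == "__main__":
    for line in triage_options(SAMPLE_OPTIONS):
        print(line)
    print("admins to review:", admins_registered_since(SAMPLE_ADMINS, "2026-05-01"))
```

Open registration on its own can be a legitimate setting; the combination with an `administrator` default role is the state to treat as a compromise indicator, and removing the plugin does not revert options or accounts that were already changed.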