snailsploit[$]
CVE Disclosure · WordPress Plugin Ecosystem

CVE-2026-3595

Riaxe Product Customizer

Unauthenticated user deletion

CVSS5.3
SeverityMedium
ClassUnauthenticated user deletion
TrackWordPress Plugin Ecosystem

Summary

CVE-2026-3595 is a medium-severity vulnerability (CVSS 5.3) affecting Riaxe Product Customizer. The issue is classified as Unauthenticated user deletion, part of the WordPress Plugin Ecosystem disclosure track on this site.

References

Authoritative sources and PoC material:

NVDMITREPoC repo

Disclosure

Reporter
Kai Aizen (snailsploit)
Coordination
Vendor + MITRE/NVD
Status
Disclosed · CVE assigned · entry public on NVD
Track
WordPress Plugin Ecosystem

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

disclosure contextall 23 cves →
all disclosures
CVE Ledger →
23 published CVEs across container, web, OSS, kernel
advisories
GHSA disclosures →
coordinated security advisories
engage
Pen Testing →
same methodology, your stack
Author
Kai Aizen
Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.
aboutservicesgithubxlinkedinresearchgate