CVE Disclosure · WordPress Plugin Ecosystem

CVE-2026-3599

Riaxe Product Customizer

SQL injection

CVSS7.5

SeverityHigh

ClassSQL injection

TrackWordPress Plugin Ecosystem

Summary

CVE-2026-3599 is a high-severity vulnerability (CVSS 7.5) affecting Riaxe Product Customizer. The issue is classified as SQL injection, part of the WordPress Plugin Ecosystem disclosure track on this site.

References

Authoritative sources and PoC material:

NVD↗MITRE↗PoC repo↗

Disclosure

Reporter: Kai Aizen (snailsploit)
Coordination: Vendor + MITRE/NVD
Status: Disclosed · CVE assigned · entry public on NVD
Track: WordPress Plugin Ecosystem

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

Author

Kai Aizen

Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.

about services github x linkedin researchgate