CVE-2026-3595
CVE-2026-3595 affects the Riaxe Product Customizer plugin for WordPress. All versions up to and including 2.1.2 are vulnerable due to an unauthenticated authorization bypass: the plugin registers a REST API route POST /wp-json/InkXEProductDesignerLite/customer/delete_customer without a permission...