CVE-2026-3596

WordPress · Riaxe Product Customizer

The Riaxe Product Customizer plugin for WordPress allows unauthenticated attackers to update arbitrary site options via an unprotected AJAX action.

Executive summary

A critical privilege escalation vulnerability in the Riaxe Product Customizer plugin lets unauthenticated attackers write arbitrary WordPress options. By turning on open registration and making administrator the default role, an attacker turns a settings write into an administrator account and full control of the site.

Vulnerability

The plugin registers a handler on the unauthenticated AJAX hook 'wp_ajax_nopriv_install-imprint', which any visitor can reach through wp-admin/admin-ajax.php with action=install-imprint. The handler performs no nonce verification and no capability check, and it writes attacker-supplied values to WordPress options. Two options are enough for a takeover: 'users_can_register' (open registration) and 'default_role' (set to administrator). Once both are set, any account the attacker registers is an administrator.
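The pattern described above, as an added illustration that is not the Riaxe plugin's actual code: a handler registered on the wp_ajax_nopriv_install-imprint hook (the hook name is the one from this advisory) that passes request parameters straight to update_option(), beside a hardened version of the same handler. The function names, the 'settings' request parameter and the two allowlisted option names are assumptions made for the example.

```php
<?php
// Added illustration of the vulnerability class; NOT the Riaxe plugin's code.
// The hook name comes from the advisory; handler and parameter names are assumed.
// Flip this to false to see the vulnerable registration instead of the fixed one.
$riaxe_demo_hardened = true;

// --- Vulnerable pattern -------------------------------------------------------
// 'nopriv' means WordPress runs this for logged-out visitors. Nothing checks
// who is calling or which option they may touch, so one POST to
// /wp-admin/admin-ajax.php?action=install-imprint can set
// users_can_register=1 and default_role=administrator.
function riaxe_demo_install_imprint_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    foreach ( $settings as $name => $value ) {
        update_option( $name, $value ); // arbitrary option name, unsanitized value
    }
    wp_send_json_success();
}

// --- Hardened pattern ---------------------------------------------------------
// 1. No nopriv registration: unauthenticated users have no business here.
// 2. Capability check: only users who may manage options get through.
// 3. Nonce check: stops CSRF against an administrator who is logged in.
// 4. Allowlist of option names with a sanitizer each: even an administrator's
//    request cannot reach users_can_register or default_role.
function riaxe_demo_install_imprint_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 ); // wp_die()s in AJAX context
    }
    check_ajax_referer( 'riaxe_demo_install_imprint', 'nonce' ); // dies on a bad nonce

    $allowed = array(
        'riaxe_demo_imprint_url'     => 'esc_url_raw',          // assumed option name
        'riaxe_demo_imprint_enabled' => 'rest_sanitize_boolean', // assumed option name
    );
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    $updated  = array();
    foreach ( $settings as $name => $value ) {
        if ( ! isset( $allowed[ $name ] ) ) {
            continue; // anything outside the allowlist is dropped, not written
        }
        $clean = call_user_func( $allowed[ $name ], wp_unslash( $value ) );
        update_option( $name, $clean );
        $updated[] = $name;
    }
    wp_send_json_success( array( 'updated' => $updated ) );
}

if ( $riaxe_demo_hardened ) {
    // Logged-in hook only; the nopriv variant is never registered.
    add_action( 'wp_ajax_install-imprint', 'riaxe_demo_install_imprint_hardened' );
} else {
    // The dangerous registration: reachable without a session.
    add_action( 'wp_ajax_nopriv_install-imprint', 'riaxe_demo_install_imprint_vulnerable' );
    add_action( 'wp_ajax_install-imprint',        'riaxe_demo_install_imprint_vulnerable' );
}

// The admin page that issues the request must hand the matching nonce to its
// script, e.g. (assumed script handle and object name):
// wp_localize_script( 'riaxe-demo-admin', 'riaxeDemo',
//     array( 'nonce' => wp_create_nonce( 'riaxe_demo_install_imprint' ) ) );
```

The allowlist is the part most often skipped: a nonce and a capability check stop strangers, but a handler that still accepts arbitrary option names remains one CSRF or one compromised administrator session away from the same outcome.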

Business impact

The vulnerability is rated CVSS 9.8 (Critical): it needs no credentials and no user interaction, and it ends in an administrator account. An administrator controls the whole WordPress site, so the realistic outcome is full takeover of the web application and theft or tampering of any data it holds.

Remediation

Immediate Action: Update to a version of the plugin that fixes this issue, or deactivate the Riaxe Product Customizer until one is available. Deactivation removes the AJAX hook, but it does not undo option changes or accounts an attacker has already created; verify those as described below.

Proactive Monitoring: Audit the 'wp_options' table for the two options this attack targets: 'users_can_register' should be 0 unless the site deliberately allows open registration, and 'default_role' should be 'subscriber' (or whatever the site normally uses), never 'administrator'. Also list administrator accounts by registration date and treat any created during the exposure window as attacker-controlled until proven otherwise.

Compensating Controls: Until the plugin is patched or removed, block requests to 'wp-admin/admin-ajax.php' whose action is 'install-imprint' at the WAF. admin-ajax.php reads the action from either the query string or the POST body, so the rule must inspect both; a rule that matches only the URL misses a POSTed action.
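The compensating control and the audit described in this section, as an added example that is neither the vendor's patch nor part of this advisory: a must-use plugin that short-circuits the unauthenticated install-imprint action before the plugin's own callback runs, refuses any write that would make administrator the default role, logs changes to open registration, and exposes an audit function returning the options and administrator accounts to review. The hook, filter and option names are WordPress core; the function names and log text are assumptions for the example.

```php
<?php
/**
 * Plugin Name: install-imprint interim guard (added example, not the vendor's fix)
 *
 * Place in wp-content/mu-plugins/ so it loads before ordinary plugins and
 * cannot be deactivated from the dashboard. Hook, filter and option names are
 * WordPress core; function names and log messages are assumptions.
 */

// (a) Short-circuit the unauthenticated AJAX action before the plugin's own
// callback runs. Priority -100 sorts ahead of the default 10; confirm the
// plugin does not register at an even lower priority. This covers only the
// nopriv hook named in the advisory; add the same guard on
// 'wp_ajax_install-imprint' if the logged-in variant is not needed either.
function riaxe_guard_block_nopriv_install_imprint() {
    error_log( sprintf(
        'riaxe-guard: blocked unauthenticated install-imprint from %s',
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    wp_send_json_error( 'blocked', 403 ); // calls wp_die(); the plugin callback never runs
}
add_action( 'wp_ajax_nopriv_install-imprint', 'riaxe_guard_block_nopriv_install_imprint', -100 );

// (b) Never let default_role become administrator, whoever asks. Returning the
// old value from a pre_update_option_* filter turns update_option() into a no-op.
function riaxe_guard_pin_default_role( $value, $old_value ) {
    if ( 'administrator' === $value ) {
        error_log( 'riaxe-guard: refused attempt to set default_role=administrator' );
        return $old_value;
    }
    return $value;
}
add_filter( 'pre_update_option_default_role', 'riaxe_guard_pin_default_role', 10, 2 );

// Open registration is a legitimate setting on some sites, so it is logged
// rather than reverted; pair the log with the audit function below.
function riaxe_guard_log_registration_toggle( $value, $old_value ) {
    if ( (string) $value !== (string) $old_value ) {
        error_log( sprintf(
            'riaxe-guard: users_can_register changed %s -> %s',
            var_export( $old_value, true ),
            var_export( $value, true )
        ) );
    }
    return $value;
}
add_filter( 'pre_update_option_users_can_register', 'riaxe_guard_log_registration_toggle', 10, 2 );

// (c) Audit helper: the two options the attack flips, plus every administrator
// account with its creation time, so accounts registered during the exposure
// window stand out. Run from the shell with WP-CLI:
//   wp eval 'print_r( riaxe_guard_audit() );'
function riaxe_guard_audit() {
    $admins = array();
    foreach ( get_users( array( 'role' => 'administrator' ) ) as $user ) {
        $admins[] = array(
            'login'      => $user->user_login,
            'email'      => $user->user_email,
            'registered' => $user->user_registered,
        );
    }
    return array(
        'users_can_register' => (int) get_option( 'users_can_register' ),
        'default_role'       => (string) get_option( 'default_role' ),
        'administrators'     => $admins,
    );
}
```

On a site that is not meant to accept sign-ups the audit should report users_can_register 0 and default_role subscriber; anything else, or an administrator whose registration date falls inside the exposure window, is a finding. The guard logs to the PHP error log (or wp-content/debug.log when WP_DEBUG_LOG is on), so a single blocked request is also evidence that someone is probing the endpoint.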

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

An AJAX handler that writes options without a nonce or a capability check is effectively an unauthenticated remote administration interface, which makes this plugin a high-risk vector. Patch or remove it immediately to prevent unauthorized administrative escalation, and verify the registration options and administrator accounts before treating the site as clean.