Hi all,
Security researchers have discovered two critical vulnerabilities in the Fancy Product Designer plugin, used by over 20,000 WordPress websites. These flaws include an unauthenticated file upload issue (CVE-2024-51919) and an SQL injection vulnerability (CVE-2024-51818). Both vulnerabilities could allow hackers to take full control of a website or compromise its database.
Despite being notified in March 2024, the developer has yet to patch these issues, leaving users at risk even with the latest plugin version (6.4.3).
What Should You Do?
- Limit file uploads to trusted extensions.
- Sanitize all user inputs to avoid database exploitation.
- Monitor your site for suspicious activity.
Stay safe and keep your WordPress installations updated!