Web Hosting Forum - Explore the Latest in Web Hosting Discussions


Critical Security Flaws Found in Fancy Product Designer WordPress Plugin

Hi all,

Security researchers have discovered two critical vulnerabilities in the Fancy Product Designer plugin, used by over 20,000 WordPress websites. These flaws include an unauthenticated file upload issue (CVE-2024-51919) and an SQL injection vulnerability (CVE-2024-51818). Both vulnerabilities could allow hackers to take full control of a website or compromise its database.

Despite being notified in March 2024, the developer has yet to patch these issues, leaving users at risk even with the latest plugin version (6.4.3).

What Should You Do?
  • Limit file uploads to trusted extensions.
  • Sanitize all user inputs to avoid database exploitation.
  • Monitor your site for suspicious activity.
If you’re using this plugin, consider disabling it until a security update is released or switch to an alternative solution.

Stay safe and keep your WordPress installations updated!
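The two hardening items in the list above (restricting upload types and parameterizing database queries), plus the authentication check whose absence makes an upload endpoint "unauthenticated", can be enforced in a small must-use plugin. The code below is an added example written for this thread; it is not code from the Fancy Product Designer plugin or from the original poster. The hook names (`upload_mimes`, `wp_check_filetype_and_ext`, `wp_ajax_*`), `$wpdb->prepare()`, `check_ajax_referer()` and `current_user_can()` are WordPress core APIs; the table name `example_designs`, the AJAX action `example_get_design` and the function names are assumptions made for the example.

```php
<?php
/**
 * Plugin Name: Example Upload and Query Hardening (added example, not the plugin's code)
 * Drop into wp-content/mu-plugins/ so it loads before regular plugins.
 */

// 1. Allowlist of upload extensions -> MIME types. Everything else is refused
//    by the media uploader, regardless of what other plugins register.
const EXAMPLE_ALLOWED_UPLOADS = array(
    'jpg|jpeg' => 'image/jpeg',
    'png'      => 'image/png',
    'pdf'      => 'application/pdf',
);

add_filter( 'upload_mimes', function ( array $mimes ) : array {
    // Return only the allowlist; the incoming $mimes array is discarded.
    return EXAMPLE_ALLOWED_UPLOADS;
}, 99 );

// 2. Reject files whose sniffed content type does not match the extension
//    (e.g. a script renamed to .png). Returning all-false makes WordPress
//    treat the upload as an unsupported file type.
add_filter( 'wp_check_filetype_and_ext', function ( array $types, string $file, string $filename, $mimes ) : array {
    $by_ext = array();
    foreach ( EXAMPLE_ALLOWED_UPLOADS as $exts => $mime ) {
        foreach ( explode( '|', $exts ) as $ext ) {
            $by_ext[ $ext ] = $mime;
        }
    }
    $ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
    if ( ! isset( $by_ext[ $ext ] ) || $types['type'] !== $by_ext[ $ext ] ) {
        return array( 'ext' => false, 'type' => false, 'proper_filename' => false );
    }
    return $types;
}, 10, 4 );

// 3. Parameterized lookup: the id and status are bound by $wpdb->prepare(),
//    so request input can never change the structure of the SQL.
//    The table name is an assumption for this example.
function example_get_design_by_id( int $design_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_designs';
    $sql   = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE id = %d AND status = %s",
        $design_id,
        'published'
    );
    return $wpdb->get_row( $sql );
}
// The pattern that produces an SQL injection, shown only for contrast:
//   $wpdb->get_row( "SELECT id, title FROM {$table} WHERE id = " . $_GET['id'] );

// 4. Authenticated AJAX endpoint: registered for logged-in users only (no
//    wp_ajax_nopriv_ counterpart), with a nonce and a capability check before
//    the query runs. The action name is an assumption for this example.
add_action( 'wp_ajax_example_get_design', function () {
    check_ajax_referer( 'example_get_design', 'nonce' );
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    $design_id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    $row       = example_get_design_by_id( $design_id );
    if ( null === $row ) {
        wp_send_json_error( 'not found', 404 );
    }
    wp_send_json_success( $row );
} );
```

One caveat when relying on this: the `upload_mimes` and `wp_check_filetype_and_ext` filters only apply to uploads that pass through WordPress's own media handling (`wp_handle_upload()` and friends). A plugin that accepts a POSTed file and writes it to disk with its own code bypasses them entirely, which is why the advice above to disable an unpatched plugin is the only mitigation that fully closes an upload flaw inside that plugin.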
 
Unfortunately, a lot of WordPress plugins and themes are built for functionality - to do whatever it is the developer wanted them to do, rather than security, which is why we see articles of this nature time and time again. A lot of developers can string bits of PHP and MySQL together, but lack a security mindset.

This really goes to show the importance of keeping plugins to an absolute minimum, making sure to utilise the core functionality of WordPress as best as possible before piling on plugin after plugin.
 