Zero-day vulnerability threatens WordPress plug-in Fancy Product Designer
Attacks on online stores based on WordPress with Fancy Product Designer may be imminent.
Two security vulnerabilities in the WordPress plug-in Fancy Product Designer endanger online stores, and a security update is not yet available. If attacks are successful, attackers can completely compromise stores. Among other things, online shop operators use the plug-in to design products for their store.
Waiting for a security patch
Security researchers from Patchstack warn about the issue in an article. The two vulnerabilities (CVE-2024-51919, CVE-2024-51818) are classified as “critical”. If attacks are successful, attackers can install backdoors or manipulate databases via the defective upload function. So far, there is no evidence of attacks.
The researchers state that they reported the vulnerabilities to the plug-in provider back in March 2024. According to them, they have contacted the provider several times since then, but have not yet received a response. The current version 6.4.3 is still said to be vulnerable. Whether and when a patch will be released remains unclear. Until then, the plug-in should not be used for security reasons.
(des)