Security News > 2021 > June > Actively Exploited Zero-Day Found in Popular WordPress eCommerce Plugin
More than 17,000 websites are exposed to attacks targeting a critical zero-day vulnerability in the Fancy Product Designer WordPress plugin, the Wordfence team at WordPress security company Defiant warns.
Fancy Product Designer is a premium plugin for online stores that provides users with the ability to customize products with images and PDF files uploaded from various devices.
The plugin provides various other customization options as well.
The issue, they explain, could be exploited in certain configurations even if the plugin has been deactivated.
An attacker targeting the vulnerability could upload executable PHP files to any website that has the plugin installed.
The developer of Fancy Product Designer was informed about the vulnerability on May 31, the day the Wordfence team noticed the attacks.