Vulnerabilities > CVE-2021-24370 - Unspecified vulnerability in Radykal Fancy Product Designer
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
Vulnerable Configurations
References
- https://lists.openwall.net/full-disclosure/2020/11/17/2
- https://lists.openwall.net/full-disclosure/2020/11/17/2
- https://seclists.org/fulldisclosure/2020/Nov/30
- https://seclists.org/fulldisclosure/2020/Nov/30
- https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
- https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
- https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/
- https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/
- https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
- https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/