Vulnerabilities > Radykal > Fancy Product Designer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-20 | CVE-2021-4334 | Incorrect Authorization vulnerability in Radykal Fancy Product Designer The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. | 8.8 |
| 2022-04-19 | CVE-2021-4096 | Cross-Site Request Forgery (CSRF) vulnerability in Radykal Fancy Product Designer The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5. | 8.8 |