Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in

Published: 23/11/2024   Category: security




The plug-in under active attack has been installed on more than 17,000 websites, say researchers.



A recently discovered critical file upload vulnerability is being actively exploited in Fancy Product Designer, a WordPress plug-in installed on more than 17,000 websites.
Researchers from Wordfence, which develops security solutions to protect WordPress, say they found the vulnerability on Monday. The Wordfence Intelligence Team contacted the plug-in's developer the same day and received a response within 24 hours.
While the Wordfence firewall's built-in file upload protection blocks most attacks targeting this vulnerability, the team found that a bypass is possible in some configurations. Wordfence released a new firewall rule to premium customers on Monday; websites running the free version of Wordfence will receive the rule after 30 days, on June 30.
"As this is a Critical 0-day under active attack and is exploitable in some configurations even if the plugin has been deactivated, we urge anyone using this plugin to completely uninstall Fancy Product Designer, if possible, until a patched version is available," Wordfence says in a statement.
Wordfence says research finds the vulnerability is likely not being targeted on a large scale but has been exploited since at least May 16, 2021.
More details are available here.
