Reflected Cross-Site Scripting Vulnerability in Fancy Product Designer WordPress Plugin
CVE-2024-0905
Currently unrated
What is CVE-2024-0905?
The Fancy Product Designer WordPress plugin prior to version 6.1.8 does not properly sanitize and escape parameters before rendering them on the web page. This allows reflected cross-site scripting (XSS) attacks, posing a risk to both unauthenticated users and administrators. An attacker could exploit the vulnerability to execute arbitrary scripts in the context of an affected user, leading to potential data theft, session hijacking, or other malicious activities.
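One way to check whether an installation is still on an affected release, shown as an added example that is not part of the original advisory or the plugin's own code. It assumes the plugin's main file carries the standard WordPress header with `Plugin Name: Fancy Product Designer`; the plugin is matched on that header because the advisory does not give its folder name, and the two sample installs are constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 1, 8)                       # first fixed release per the advisory
PLUGIN_NAME = "Fancy Product Designer"  # assumed header value; folder name is not used
HEADER = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*(?:\*/)?[ \t]*$", re.I | re.M)


def parse_version(text):
    """'6.1.7' -> (6, 1, 7); suffixes such as '-beta' are ignored, short forms are padded."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])][:3]
    return tuple(nums + [0] * (3 - len(nums)))


def read_header(php_file):
    """Return header fields found in the first 8 KiB, the region WordPress itself reads."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in HEADER.findall(head)}


def audit(plugins_dir):
    """Return (file, version, vulnerable) for every plugin main file matching PLUGIN_NAME."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php)
        if meta.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = meta.get("version", "0")  # a missing version is reported as vulnerable
        findings.append((php.name, version, parse_version(version) < FIXED))
    return findings


def demo():
    """Build two constructed installs (folder and file names are made up) and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for folder, ver in (("site-a-plugin", "6.1.7"), ("site-b-plugin", "6.1.8")):
            d = Path(root, folder)
            d.mkdir()
            d.joinpath("main.php").write_text(
                f"<?php\n/*\n * Plugin Name: {PLUGIN_NAME}\n * Version: {ver}\n */\n")
        return [(ver, vuln) for _, ver, vuln in audit(root)]


if __name__ == "__main__":
    for ver, vuln in demo():
        print(ver, "VULNERABLE to CVE-2024-0905" if vuln else "patched")
```

Point `audit()` at a site's plugins directory to run it against a real install; any version below 6.1.8 is reported as vulnerable.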
Timeline
Vulnerability published