Unrestricted File Upload Vulnerability in NotFound Fancy Product Designer Plugin
CVE-2024-51919

9CRITICAL

Key Information:

Vendor: WordPress
Status: Fancy Product Designer
Vendor: CVE Published:; 21 January 2025

Summary

A vulnerability exists in NotFound's Fancy Product Designer plugin that permits an unrestricted upload of potentially harmful files. This issue can allow attackers to upload and execute arbitrary files, thereby compromising the security of the affected WordPress installations. The vulnerability affects all versions of Fancy Product Designer from an unspecified state up to version 6.4.3.

Affected Version(s)

Fancy Product Designer <= 6.4.3

References

https://patchstack.com/database/wordpress/plugin/fancy-pr...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Nov 4, 2024

Credit

Rafie Muhammad (Patchstack)