Fancy Product Designer Plugin – Critical Vulnerabilities

Please remove – delete the Fancy Product Designer Plugin plugin!
This plugin suffers from Unauthenticated Arbitrary File Upload, where users can upload arbitrary files including PHP files to the server, resulting in a Remote Code Execution (RCE).
The second vulnerability is Unauthenticated SQL Injection which allows any users to execute arbitrary SQL queries in the database of the WordPress site.

Details:
https://patchstack.com/articles/critical-vulnerabilities-found-in-fancy-product-designer-plugin/

https://www.heise.de/news/Zero-Day-Luecke-bedroht-WordPress-Plug-in-Fancy-Product-Designer-10233192.html

Prices already incl. 17% TVA (VAT) if indicated.
Copyright © 2005-2025 GLOBE.LU All Rights Reserved.
Registered trademarks and labelnames belong to their respective owners.
In using our services you agree with the terms & conditions the privacy policy and cookie policy of GLOBE.LU