Unrated severityNVD Advisory· Published Apr 19, 2022· Updated Feb 7, 2025
Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload
CVE-2021-4096
Description
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.
Affected products
2- Range: <=4.7.5
- fancy-product-designer/Fancy Product Designerv5Range: 4.7.5
Patches
Vulnerability mechanics
References
2- support.fancyproductdesigner.com/support/discussions/topics/13000031615mitrex_refsource_MISC
- www.wordfence.com/vulnerability-advisories/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.