Unrated severity · NVD Advisory · Published Feb 16, 2022 · Updated Jan 31, 2025
Fancy Product Designer <= 4.7.4 Admin+ SQL Injection
CVE-2021-4134
Description
The Fancy Product Designer WordPress plugin, in versions up to and including 4.7.4, is vulnerable to SQL injection due to insufficient escaping and parameterization of the ID parameter in the ~/inc/api/class-view.php file. This allows attackers with administrative-level permissions to inject arbitrary SQL queries to obtain sensitive information.
Affected products
- Range: <=4.7.4
- Fancy Product Designer/Fancy Product Designer v5, Range: 4.7.4
References
- support.fancyproductdesigner.com/support/discussions/topics/13000031264 (mitre, x_refsource_MISC)
- www.wordfence.com/vulnerability-advisories/ (mitre, x_refsource_MISC)