Unrated severity · NVD Advisory · Published Feb 16, 2022 · Updated Jan 31, 2025

Fancy Product Designer <= 4.7.4 Admin+ SQL Injection

CVE-2021-4134

Description

The Fancy Product Designer WordPress plugin, in versions up to and including 4.7.4, is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter in the ~/inc/api/class-view.php file. This allows attackers with administrative-level permissions to inject arbitrary SQL queries and obtain sensitive information.
