High severity8.8NVD Advisory· Published Oct 20, 2023· Updated Apr 8, 2026
CVE-2021-4334
CVE-2021-4334
Description
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.
Affected products
2- cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*Range: <4.7.0
- Range: <=4.6.9
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.