Decrypt LOL

Critical Vulnerabilities Found in Fancy Product Designer Plugin


🪲 Critical vulnerabilities remain unpatched in the Fancy Product Designer plugin. The plugin, used for customizing products on WooCommerce sites, has two critical security flaws, CVE-2024-51919 and CVE-2024-51818, with CVSS scores of 9.0 and 9.3, respectively. Discovered by Patchstack’s Rafie Muhammad, these vulnerabilities allow unauthenticated arbitrary file uploads and SQL injection, potentially leading to remote code execution and database compromise. Although the vendor, Radykal, was notified, it has not responded, and the issues remain unaddressed even after multiple updates. Patchstack advises users to implement security measures, such as restricting file uploads and sanitizing user inputs, to mitigate the risks. BleepingComputer has reached out to Radykal for comment on future security updates.
