Critical 0-day in Fancy Product Designer Under Active Attack

Posted over 1 year by Rick Freeman


When can we expect a patch? 
What should we be doing? Disabling our sites until a patch is released?


"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."

8 Votes


rady kal posted over 1 year Admin Best Answer

The easiest way is to reinstall the plugin via the Envato Market plugin and then clear the cache.

https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date

0 Votes


22 Comments



Michael Kenis posted over 1 year

It's in your Fancy Product Designer folder.

0 Votes


George Georgiadis posted over 1 year

I can download the zip file but there is no such route "assets/css/fonts", at least on my server.


0 Votes


Bruno posted over 1 year

Hello George Georgiadis:

In a previous post by "rady kal" you can download the files and see where to replace the files. Greetings!

0 Votes


George Georgiadis posted over 1 year

Can someone please tell me where the route of these files is...?


0 Votes


Bruno posted over 1 year

Hello: 

I replaced the files, cleared all the cache and it was only solved in Safari. In Firefox and Chrome it doesn't work ...

Thanks.

0 Votes


George Georgiadis posted over 1 year

Can we have some instructions on how to fix this please?

0 Votes


Dietmar Will posted over 1 year

Replaced the font file and deleted the cache in Chrome. Works again. Thanks.

0 Votes


DomZub posted over 1 year

Worked with Font-Files... Thanks!

0 Votes


rady kal posted over 1 year Admin

The fixed version is also available now. But the version number has not changed, so you have to disable, delete and reinstall via the Envato Market plugin.

0 Votes


Michael Kenis posted over 1 year

Yes, Chrome cache deleted, now it works again! Thanks!

0 Votes


Christian posted over 1 year

It works for me. Just replaced the fonts folder, deleted cache. Works with Safari, Chrome, desktop, mobile.


0 Votes


Michael Kenis posted over 1 year

Just uploaded it, deleted all cache, but still the same. Can someone confirm?

0 Votes


rady kal posted over 1 year Admin

Seems like some copy issues during the build process with the font icons. In the attachment you will find these font icons. Just replace them in the assets/css/fonts folder of fancy-product-designer.

I am going to upload a fixed version to CodeCanyon now as well.

Attachments (1)

0 Votes


Michael Kenis posted over 1 year

Think it's an .htaccess problem.

0 Votes


Christian posted over 1 year

Hi rady kal, by when can we expect the fix to correct the action images? Thanks much for your support.


0 Votes


Michael Kenis posted over 1 year

Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?

0 Votes


Oto posted over 1 year

0 Votes


Rick Freeman posted over 1 year

Great! Thanks for such a quick response to both my ticket and the issue!

0 Votes


rady kal posted over 1 year Admin

The update is now available.

0 Votes


rady kal posted over 1 year Admin

We are currently working on a fix which will be released today.

0 Votes


Michal Lepiarz posted over 1 year

0 Votes
