Answered

Critical 0-day in Fancy Product Designer Under Active Attack

When can we expect a patch? 
What should we be doing? Disabling our sites until a patch is released?


"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."


  • We are currently working on a fix which will be released today.

  • The update is now available.

  • Great!  Thanks for such a quick response to both my ticket and the issue!

  • Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?

  • Hi rady kal, by when can we expect the fix to correct the action images? Thanks much for your support.


  • Think it's an .htaccess problem.

  • Seems like some copy issues during the build process with the font icons. In the attachment you find these font icons. Just replace them in the assets/css/fonts folder of fancy-product-designer.


    I am going to upload a fixed version to CodeCanyon now as well.

  • Just uploaded it, deleted all cache, but still the same. Can someone confirm?

  • It works for me. Just replaced the fonts folder, deleted cache. Works with Safari, Chrome, desktop, mobile.


  • Yes, Chrome cache deleted, now it works again! Thanks!

  • The fixed version is also available now. But the version number has not changed, so you have to disable, delete and reinstall via the Envato Market plugin.

  • Worked with Font-Files... Thanks!
