Welcome to the support center for

Fancy Product Designer & Multistep Product Configurator


Critical 0-day in Fancy Product Designer Under Active Attack

When can we expect a patch? 
What should we be doing? Disabling our sites until a patch is released?

"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."

8 people have this question

We are currently working on a fix which will be released today.

The update is now available.

Great!  Thanks for such a quick response to both my ticket and the issue!

Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?

Hi rady kal, by when can we expect the fix to correct the action images? thanks much for your support

Think it's an .htaccess problem.

Seems like some copy issues during build process with the font icons. In the attachment you find these font icons. Just replace in assets/css/fonts folder of fancy-product-designer.

I am going to upload a fixed version to codecanyon now as well.

fonts.zip fonts.zip
53.2 KB

Just upload it, delete all cache but still the same. Someone can confirm?

it works for me.. just replaces the fonts folder , deleted cache. works with safari, chrome.. desktop, mobile

Yes, chrome cache deleted, now it works again! Thanks!

The fixed version is also available now. But version number has not changed, so you have to disable, delete and reinstall via envato market plugin.

Worked with Font-Files... Thanks!

Login or Signup to post a comment