When can we expect a patch?
What should we be doing? Disabling our sites until a patch is released?
"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.
We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."
8 Votes
rady kal posted almost 3 years ago Admin Best Answer
The easiest way is to reinstall the plugin via the envato market plugin and then clear cache.
https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date
0 Votes
22 Comments
MichiK85 posted almost 3 years ago
It's in your Fancy Product Designer folder.
0 Votes
George Georgiadis posted almost 3 years ago
I can download the zip file but there is no such route "assets/css/fonts", at least on my server.
0 Votes
Bruno posted almost 3 years ago
Hello George Georgiadis:
In a previous post by "rady kal" you can download the files and see where to replace the files. Greetings!
0 Votes
George Georgiadis posted almost 3 years ago
Can someone please tell where the route of these files is...?
0 Votes
Bruno posted almost 3 years ago
Hello:
I replaced the files, cleared all the cache and it was only solved in Safari. In Firefox and Chrome it doesn't work ...
Thanks.
0 Votes
George Georgiadis posted almost 3 years ago
Can we have some instructions on how to fix this please?
0 Votes
Dietmar Will posted almost 3 years ago
Replaced the font file and deleted cache in Chrome. Works again. Thanks.
0 Votes
DomZub posted almost 3 years ago
Worked with Font-Files... Thanks!
0 Votes
rady kal posted almost 3 years ago Admin
The fixed version is also available now. But the version number has not changed, so you have to disable, delete and reinstall via the Envato Market plugin.
0 Votes
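Because the fixed build kept the same version number, the version string cannot confirm which build is installed; comparing file hashes against the freshly downloaded package can. This is an added example, not code from the thread or the plugin vendor; the sample file names (`plugin.php`, `icons.woff`, `leftover.php`) and the zip's top-level folder layout are assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def _sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_install_to_zip(zip_path, install_dir, prefix=""):
    """Diff an installed plugin folder against a freshly downloaded package.

    Returns (missing, modified, extra): sorted relative paths that are in the
    zip but not on disk, differ in content, or exist only on disk.
    `prefix` is the top-level folder inside the zip, if the package has one.
    """
    expected = {}
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith(prefix):
                continue
            expected[info.filename[len(prefix):]] = _sha256(zf.read(info))
    root = Path(install_dir)
    on_disk = {p.relative_to(root).as_posix(): _sha256(p.read_bytes())
               for p in root.rglob("*") if p.is_file()}
    missing = sorted(expected.keys() - on_disk.keys())
    extra = sorted(on_disk.keys() - expected.keys())
    modified = sorted(k for k in expected.keys() & on_disk.keys()
                      if expected[k] != on_disk[k])
    return missing, modified, extra


def demo():
    """Constructed sample: same version label, different file contents."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp, "package.zip")
        with zipfile.ZipFile(pkg, "w") as zf:
            zf.writestr("fancy-product-designer/plugin.php", "Version: X (fixed build)")
            zf.writestr("fancy-product-designer/assets/css/fonts/icons.woff", "font")
        site = Path(tmp, "installed")
        site.mkdir()
        (site / "plugin.php").write_text("Version: X (old build)")
        (site / "leftover.php").write_text("not part of the package")
        return compare_install_to_zip(pkg, site, "fancy-product-designer/")


if __name__ == "__main__":
    print(demo())
```

An empty `missing` and `modified` list after reinstalling means the files on disk match the downloaded package; anything in `extra` was not shipped in that package and should be reviewed by hand.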
MichiK85 posted almost 3 years ago
Yes, chrome cache deleted, now it works again! Thanks!
0 Votes
Christian posted almost 3 years ago
It works for me.. just replaced the fonts folder, deleted cache. Works with Safari, Chrome.. desktop, mobile
0 Votes
MichiK85 posted almost 3 years ago
Just uploaded it, deleted all cache but still the same. Can someone confirm?
0 Votes
rady kal posted almost 3 years ago Admin
Seems like some copy issues during the build process with the font icons. In the attachment you find these font icons. Just replace them in the assets/css/fonts folder of fancy-product-designer.
I am going to upload a fixed version to codecanyon now as well.
Attachments (1)
fonts.zip
53.2 KB
0 Votes
MichiK85 posted almost 3 years ago
Think it's an .htaccess problem.
0 Votes
Christian posted almost 3 years ago
Hi rady kal, by when can we expect the fix to correct the action images? thanks much for your support
0 Votes
MichiK85 posted almost 3 years ago
Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?
0 Votes
Oto posted almost 3 years ago
Hi, bug in new version 4.6.9
https://support.fancyproductdesigner.com/support/discussions/topics/13000029847?page=1
0 Votes
Rick Freeman posted almost 3 years ago
Great! Thanks for such a quick response to both my ticket and the issue!
0 Votes
rady kal posted almost 3 years ago Admin
The update is now available.
0 Votes
rady kal posted almost 3 years ago Admin
We are currently working on a fix which will be released today.
0 Votes
Michal Lepiarz posted almost 3 years ago
Just adding source:
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
0 Votes