Critical 0-day in Fancy Product Designer Under Active Attack

Posted almost 3 years ago by Rick Freeman


When can we expect a patch? 
What should we be doing? Disabling our sites until a patch is released?


"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."

8 Votes

rady kal posted almost 3 years ago Admin Best Answer

The easiest way is to reinstall the plugin via the Envato Market plugin and then clear cache.

https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date

0 Votes


22 Comments

MichiK85 posted almost 3 years ago

It's in your Fancy Product Designer folder.

0 Votes

George Georgiadis posted almost 3 years ago

I can download the zip file but there is no such route "assets/css/fonts", at least on my server.


0 Votes

Bruno posted almost 3 years ago

Hello George Georgiadis:

In a previous post by "rady kal" you can download the files and see where to replace the files. Greetings!

0 Votes

George Georgiadis posted almost 3 years ago

Can someone please tell where the route of these files is...?


0 Votes

Bruno posted almost 3 years ago

Hello: 

I replaced the files, cleared all the cache and it only solved in Safari. In Firefox and Chrome it doesn't work ...

Thanks.

0 Votes

George Georgiadis posted almost 3 years ago

Can we have some instructions on how to fix this please?

0 Votes

Dietmar Will posted almost 3 years ago

Replaced the font file and deleted cache in Chrome. Works again. Thanks.

0 Votes

DomZub posted almost 3 years ago

Worked with Font-Files... Thanks!

0 Votes

rady kal posted almost 3 years ago Admin

The fixed version is also available now. But the version number has not changed, so you have to disable, delete and reinstall via the Envato Market plugin.

0 Votes

MichiK85 posted almost 3 years ago

Yes, Chrome cache deleted, now it works again! Thanks!

0 Votes

Christian posted almost 3 years ago

It works for me. Just replaced the fonts folder, deleted cache. Works with Safari, Chrome, desktop, mobile.


0 Votes

MichiK85 posted almost 3 years ago

Just upload it, delete all cache but still the same. Someone can confirm?

0 Votes

rady kal posted almost 3 years ago Admin

Seems like some copy issues during build process with the font icons. In the attachment you find these font icons. Just replace in assets/css/fonts folder of fancy-product-designer.


I am going to upload a fixed version to codecanyon now as well.

Attachments (1)

0 Votes

MichiK85 posted almost 3 years ago

Think it's an .htaccess problem.

0 Votes

Christian posted almost 3 years ago

Hi rady kal, by when can we expect the fix to correct the action images? Thanks much for your support.


0 Votes

MichiK85 posted almost 3 years ago

Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?

0 Votes

Oto posted almost 3 years ago

0 Votes

Rick Freeman posted almost 3 years ago

Great!  Thanks for such a quick response to both my ticket and the issue!

0 Votes

rady kal posted almost 3 years ago Admin

The update is now available.

0 Votes

rady kal posted almost 3 years ago Admin

We are currently working on a fix which will be released today.

0 Votes

Michal Lepiarz posted almost 3 years ago

0 Votes
