When can we expect a patch?
What should we be doing? Disabling our sites until a patch is released?
"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.
We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."
8 Votes
rady kal posted over 2 years ago Admin Best Answer
The easiest way is to reinstall the plugin via the envato market plugin and then clear cache.
https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date
0 Votes
22 Comments
Michal Lepiarz posted over 2 years ago
Just adding source:
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
0 Votes
rady kal posted over 2 years ago Admin
We are currently working on a fix which will be released today.
0 Votes
rady kal posted over 2 years ago Admin
The update is now available.
0 Votes
Rick Freeman posted over 2 years ago
Great! Thanks for such a quick response to both my ticket and the issue!
0 Votes
Oto posted over 2 years ago
Hi, bug in new version 4.6.9
https://support.fancyproductdesigner.com/support/discussions/topics/13000029847?page=1
0 Votes
MichiK85 posted over 2 years ago
Maybe it's better to have a BETA group on Facebook to check the release first before updating every website. Who's with me?
0 Votes
Christian posted over 2 years ago
Hi rady kal, by when can we expect the fix to correct the action images? Thanks much for your support.
0 Votes
MichiK85 posted over 2 years ago
Think it's an .htaccess problem.
0 Votes
rady kal posted over 2 years ago Admin
Seems like some copy issues during build process with the font icons. In the attachment you find these font icons. Just replace in assets/css/fonts folder of fancy-product-designer.
I am going to upload a fixed version to codecanyon now as well.
Attachments (1)
fonts.zip
53.2 KB
0 Votes
MichiK85 posted over 2 years ago
Just uploaded it, deleted all cache, but still the same. Can someone confirm?
0 Votes
Christian posted over 2 years ago
It works for me. Just replaced the fonts folder, deleted cache. Works with Safari, Chrome, desktop, mobile.
0 Votes
MichiK85 posted over 2 years ago
Yes, Chrome cache deleted, now it works again! Thanks!
0 Votes
rady kal posted over 2 years ago Admin
The fixed version is also available now. But the version number has not changed, so you have to disable, delete and reinstall via the envato market plugin.
0 Votes
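Because the fixed build keeps the same version number, the version shown in WordPress cannot tell the two builds apart. As an added example (not code from the plugin or its vendor), this compares an installed plugin folder with a freshly extracted copy of the package by file hash; the two directory arguments and the file names in `demo()` are constructed for illustration.

```python
import hashlib
import os
import sys
import tempfile


def hash_tree(root):
    """Map each file path relative to root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def compare_install(installed_dir, reference_dir):
    """Report files that differ between the live plugin and a clean copy."""
    installed, reference = hash_tree(installed_dir), hash_tree(reference_dir)
    common = set(installed) & set(reference)
    return {
        "missing": sorted(set(reference) - set(installed)),
        "extra": sorted(set(installed) - set(reference)),
        "changed": sorted(p for p in common if installed[p] != reference[p]),
    }


def demo():
    """Constructed sample trees standing in for the two same-version builds."""
    trees = {
        "installed": {"plugin.php": b"same", "fonts/icons.woff": b"", "old.txt": b"x"},
        "reference": {"plugin.php": b"same", "fonts/icons.woff": b"font", "readme.txt": b"r"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare_install(os.path.join(tmp, "installed"), os.path.join(tmp, "reference"))


if __name__ == "__main__":
    # Usage: script.py <installed plugin dir> <extracted package dir>
    report = compare_install(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for kind, paths in report.items():
        print(kind, paths)
```

Empty `missing`, `extra` and `changed` lists mean the installed files match the reference package byte for byte.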
DomZub posted over 2 years ago
Worked with Font-Files... Thanks!
0 Votes
Dietmar Will posted over 2 years ago
Replaced the font file and deleted cache in Chrome. Works again. Thanks.
0 Votes
George Georgiadis posted over 2 years ago
Can we have some instructions on how to fix this please?
0 Votes
Bruno posted over 2 years ago
Hello:
I replaced the files, cleared all the cache and it was only solved in Safari. In Firefox and Chrome it doesn't work ...
Thanks.
0 Votes
George Georgiadis posted over 2 years ago
Can someone please tell me where the route of these files is...?
0 Votes
Bruno posted over 2 years ago
Hello George Georgiadis:
In a previous post by "rady kal" you can download the files and see where to replace the files. Greetings!
0 Votes
George Georgiadis posted over 2 years ago
I can download the zip file but there is no such route "assets/css/fonts", at least on my server.
0 Votes
MichiK85 posted over 2 years ago
It's in your Fancy Product Designer folder.
0 Votes
rady kal posted over 2 years ago Admin Answer
The easiest way is to reinstall the plugin via the envato market plugin and then clear cache.
https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date
0 Votes