Answered

Critical 0-day in Fancy Product Designer Under Active Attack

When can we expect a patch? 
What should we be doing? Disabling our sites until a patch is released?


"On May 31, 2021, the Wordfence Threat Intelligence team discovered a critical file upload vulnerability being actively exploited in Fancy Product Designer, a WordPress plugin installed on over 17,000 sites.

We initiated contact with the plugin’s developer the same day and received a response within 24 hours. We sent over the full disclosure the same day we received a response, on June 1, 2021. Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected."


  • Replaced the font file and deleted cache in Chrome. Works again. Thanks.

  • Can we have some instructions on how to fix this please?

  • Hello: 

    I replaced the files, cleared all the cache and it was only solved in Safari. In Firefox and Chrome it doesn't work ...

    Thanks.

  • Can someone please tell me where the route of these files is...?


  • Hello George Georgiadis:

    In a previous post by "rady kal" you can download the files and see where to replace the files. Greetings!

  • I can download the zip file but there is no such route "assets/css/fonts", at least on my server.


  • It's in your Fancy Product Designer folder.

  • The easiest way is to reinstall the plugin via the Envato Market plugin and then clear the cache.

    https://support.fancyproductdesigner.com/support/solutions/articles/5000582931-installing-and-keeping-the-wordpress-plugins-up-to-date
