
Hackers Exploit 0-Day In WordPress Plugin(Fancy Product Designer).


Hello Hackers,

We are back again with something new: news recently broke of a 0-day vulnerability in a WordPress plugin.

Let’s analyze what actually happened…

Fancy Product Designer is a well-known WordPress plugin installed on over 17,000 sites.

A critical file upload vulnerability was discovered in it, and attackers have been exploiting it to plant malware on affected websites.

The flaw was discovered by Wordfence’s Threat Intelligence team, who reported the issue to the plugin developer on May 31.

Fancy Product Designer is used by businesses to let customers design products ranging from T-shirts to phone cases, which requires letting users upload image and PDF files to the website…

The plugin had checks intended to prevent a malicious file from being uploaded as an “IMG” or “PDF” file, but these checks were insufficient to protect the website and could easily be bypassed.

This allows attackers to upload a PHP shell to any site running the Fancy Product Designer plugin.

Wordfence said in its write-up:

Indicator Of Compromise

In most cases, a successful attack results in a number of files that will appear in a subfolder of either wp-admin or wp-content/plugins/fancy-product-designer/inc with the date the file was uploaded. For instance:

wp-content/plugins/fancy-product-designer/inc/2021/05/30/4fa00001c720b30102987d980e62d5e4.php

or

wp-admin/2021/05/31/4fa00001c720b30102987d980e62d5e4.php

Update – the filenames in question are deterministic and we have added filenames associated with this vulnerability.

Through this vulnerability an attacker can achieve remote code execution (RCE), allowing a full takeover of the website.
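A defender-side check for the indicator of compromise quoted above, written as an added example for this post (it is not Wordfence’s or the plugin’s code). It assumes the 32-hex-character filename shape seen in the quoted paths and that the site’s WordPress root is available on disk:

```python
import os
import re

# IoC directories from the Wordfence write-up, relative to the WordPress root.
# Uploads land in a date (YYYY/MM/DD) subfolder; the quoted example name is
# 32 hex characters, which is assumed here to be the usual shape.
IOC_ROOTS = ("wp-admin", "wp-content/plugins/fancy-product-designer/inc")
_DATE_DIR = re.compile(r"^\d{4}/\d{2}/\d{2}/")
_HEX_NAME = re.compile(r"^[0-9a-f]{32}\.php$", re.IGNORECASE)

def classify_path(rel_path):
    """Return (root, is_hex_name) when a forward-slash path relative to the
    WordPress root is a PHP file in a date subfolder under IOC_ROOTS, else None."""
    for root in IOC_ROOTS:
        prefix = root + "/"
        if not rel_path.startswith(prefix):
            continue
        tail = rel_path[len(prefix):]
        name = tail.rsplit("/", 1)[-1]
        if _DATE_DIR.match(tail) and name.lower().endswith(".php"):
            return root, bool(_HEX_NAME.match(name))
        return None
    return None

def find_suspicious_uploads(rel_paths):
    """Filter relative paths down to [(path, is_hex_name)] for IoC matches."""
    hits = []
    for p in rel_paths:
        result = classify_path(p)
        if result is not None:
            hits.append((p, result[1]))
    return hits

def scan_install(wp_root):
    """Walk a real install on disk and return its IoC matches."""
    found = []
    for root in IOC_ROOTS:
        for dirpath, _dirs, files in os.walk(os.path.join(wp_root, root)):
            for f in files:
                rel = os.path.relpath(os.path.join(dirpath, f), wp_root)
                found.append(rel.replace(os.sep, "/"))
    return find_suspicious_uploads(found)

# Constructed sample listing (not from a real site): the two paths quoted in the
# write-up should be flagged, the remaining entries should not.
SAMPLE = [
    "wp-content/plugins/fancy-product-designer/inc/2021/05/30/4fa00001c720b30102987d980e62d5e4.php",
    "wp-admin/2021/05/31/4fa00001c720b30102987d980e62d5e4.php",
    "wp-admin/2021/05/31/readme.txt",
    "wp-content/uploads/2021/05/30/shell.php",
]
```

Run `scan_install("/var/www/html")` (or your install path) to list matches; any PHP file under a date-named subfolder of those two directories deserves a look, whatever its name.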

Description: File upload & RCE

Affected Plugin: Fancy Product Designer

Affected Versions: < 4.6.9

CVE-ID: CVE-2021-24370

CVSS Score: 9.8 (Critical)

Researchers: Charles Sweehill / Ram Gall

Fully Patched Version: 4.6.9

Happy Hacking!!
