Wordfence's Threat Intelligence team has identified a critical file upload vulnerability in the Fancy Product Designer WordPress plugin that is under active attack.
The Threat Intelligence team at Wordfence, the well-known WordPress web application firewall vendor, has discovered that a critical file upload vulnerability in the Fancy Product Designer plugin for WordPress is being actively exploited.
Fancy Product Designer, a plugin that lets site visitors design and customize products, has over 17,000 installations on WordPress and is being targeted from a small set of IP addresses.
Wordfence contacted the plugin developer and received a response on the same day the bug was reported. Because no patch is available from the vendor at this time, the Threat Intelligence team has publicly disclosed only minimal details of the vulnerability.
Description: Unauthenticated Arbitrary File Upload and Remote Code Execution
Affected Plugin: Fancy Product Designer
Plugin Slug: fancy-product-designer
Affected Versions: <= 4.6.8
CVE ID: CVE-2021-24370
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Charles Sweethill/Ram Gall
Fully Patched Version: Pending
Indicators of Compromise:
“Our research indicates that this vulnerability is likely not being attacked on a large scale but has been exploited since at least May 16, 2021,” the researchers stated.
A successful attack leaves behind a file named with a unique ID and a .php extension. It appears in a subfolder of either wp-admin or wp-content/plugins/fancy-product-designer/inc, with the subfolder path giving the date the file was uploaded. For example:
wp-content/plugins/fancy-product-designer/inc/2021/05/30/4fa00001c720b30102987d980e62d5e4.php
or
wp-admin/2021/05/31/1d4609806ff0f4e89a3fb5fa35678fa0.php
The majority of attacks against this vulnerability are coming from the following IP addresses:
69.12.71.82
92.53.124.123
46.53.253.152
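As an added example (not part of the Wordfence advisory or this article), the following Python script turns the indicators above into a check a site operator can run: it walks the two reported directories under a WordPress root for .php files with a 32-character hexadecimal name inside dated year/month/day subfolders, and it scans combined-format access-log lines for requests from the three listed IP addresses. The 32-hex-character filename shape is an assumption generalized from the two sample paths in the advisory; the planted files in the demo tree and the sample log lines are constructed for illustration.

```python
import os
import re
import tempfile

# Directories under the WordPress root where the advisory says dropped files appear.
IOC_DIRS = (
    "wp-admin",
    "wp-content/plugins/fancy-product-designer/inc",
)

# Attacker IP addresses listed in the advisory.
IOC_IPS = {"69.12.71.82", "92.53.124.123", "46.53.253.152"}

# <dir>/YYYY/MM/DD/<32 hex chars>.php
# The date folders come from the advisory text; the 32-hex-character filename
# is an assumption generalized from the two sample paths (they look like MD5s).
_IOC_FILE_RE = re.compile(
    r"^(?:" + "|".join(re.escape(d) for d in IOC_DIRS) + r")"
    r"/\d{4}/\d{2}/\d{2}/[0-9a-f]{32}\.php$"
)

# Apache/nginx combined log format: client, ident, user, [time], "request", status ...
_LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_ioc_path(relpath: str) -> bool:
    """True if a path relative to the WordPress root matches the dropped-file pattern."""
    return bool(_IOC_FILE_RE.match(relpath.replace(os.sep, "/")))


def find_ioc_files(wp_root: str) -> list:
    """Walk the two reported directories and return matching paths, relative to wp_root."""
    hits = []
    for d in IOC_DIRS:
        base = os.path.join(wp_root, *d.split("/"))
        if not os.path.isdir(base):
            continue
        for dirpath, _dirs, files in os.walk(base):
            for name in files:
                rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                if is_ioc_path(rel):
                    hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def find_ioc_requests(log_lines) -> list:
    """Return (ip, method, path, status) for every request from one of the listed IPs."""
    out = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if m and m.group(1) in IOC_IPS:
            out.append((m.group(1), m.group(2), m.group(3), m.group(4)))
    return out


# Constructed sample access-log lines (not real traffic); paths are illustrative only.
SAMPLE_LOG = [
    '69.12.71.82 - - [30/May/2021:10:00:01 +0000] "POST /index.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [30/May/2021:10:00:02 +0000] "GET / HTTP/1.1" 200 1024',
    '46.53.253.152 - - [31/May/2021:11:22:33 +0000] "GET /wp-admin/2021/05/31/1d4609806ff0f4e89a3fb5fa35678fa0.php HTTP/1.1" 200 64',
]


def build_demo_tree(root: str) -> None:
    """Plant one file matching the pattern plus two benign files (constructed demo data)."""
    planted = os.path.join(root, "wp-content", "plugins", "fancy-product-designer",
                           "inc", "2021", "05", "30")
    os.makedirs(planted)
    open(os.path.join(planted, "4fa00001c720b30102987d980e62d5e4.php"), "w").close()
    # A plugin file directly in inc/ (no dated subfolder) must not be flagged.
    inc = os.path.join(root, "wp-content", "plugins", "fancy-product-designer", "inc")
    open(os.path.join(inc, "legit-plugin-file.php"), "w").close()
    # A normal core file in wp-admin must not be flagged either.
    os.makedirs(os.path.join(root, "wp-admin"))
    open(os.path.join(root, "wp-admin", "admin-ajax.php"), "w").close()


def demo() -> list:
    """Build the constructed tree in a temp dir and return the file-system hits."""
    with tempfile.TemporaryDirectory() as root:
        build_demo_tree(root)
        return find_ioc_files(root)


if __name__ == "__main__":
    for hit in demo():
        print("suspicious file:", hit)
    for ip, method, path, status in find_ioc_requests(SAMPLE_LOG):
        print("request from listed IP:", ip, method, path, status)
```

Run it against a real install with `find_ioc_files("/var/www/html")` and feed your own access log to `find_ioc_requests`; a hit on either check is a reason to treat the site as compromised rather than merely vulnerable, since the dropped file is a web shell an attacker can call back to.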