Critical 0-day vulnerability in a WordPress plugin under active attack. Incorporate the IOCs ASAP.

Wordfence's Threat Intelligence team has identified a critical file upload vulnerability in the Fancy Product Designer plugin, which is under active attack.

Wordfence, the well-known WAF vendor, reports through its Threat Intelligence team that the critical file upload vulnerability in the Fancy Product Designer plugin for WordPress is being actively attacked.

Fancy Product Designer, a plugin that lets users design and customize any kind of product and has over 17,000 installations on WordPress, is being targeted by a set of IP addresses.

Wordfence contacted the plugin developer and received a response on the same day the bug was reported. The Threat Intelligence team has publicly disclosed the vulnerability with minimal detail, since no patch is available from the vendor at this time.

Description: Unauthenticated Arbitrary File Upload and Remote Code Execution
Affected Plugin: Fancy Product Designer
Plugin Slug: fancy-product-designer
Affected Versions: <= 4.6.8
CVE ID: CVE-2021-24370
CVSS Score: 9.8 (Critical)
Researchers: Charles Sweethill / Ram Gall
Fully Patched Version: Pending

Indicators of Compromise:

“Our research indicates that this vulnerability is likely not being attacked on a large scale but has been exploited since at least May 16, 2021,” the researchers stated.

Additionally, a successful attack results in a file with a unique ID and a PHP extension, which will appear in a subfolder of either with the date the file was uploaded. For example:

The majority of attacks against this vulnerability are coming from the following IP addresses:
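A defender-side check that follows from the file indicator above, added here as an example and not part of the original post or of Wordfence's tooling: it walks an uploads tree (the root path is an assumption, since the post does not name the folders) and lists PHP-like files sitting in date-named subfolders, the pattern the researchers describe for a successful exploit.

```python
import os
import re
import tempfile

# Assumption: the plugin's upload folders are scanned from a root path supplied by
# the operator; the original post does not name them, so the root is a parameter.
DATE_DIR = re.compile(r"^\d{4}-\d{2}-\d{2}$")
# PHP-like extensions, case-insensitive, so .PHP5 and .phtml are also caught.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)


def find_suspicious_php(root):
    """Return sorted paths (relative to root) of PHP-like files inside date-named folders."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if not DATE_DIR.match(os.path.basename(dirpath)):
            continue
        for name in filenames:
            if PHP_EXT.search(name):
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed upload tree: benign files plus two planted PHP files."""
    root = tempfile.mkdtemp(prefix="fpd-uploads-")
    layout = {
        "2021-05-16/5f3a9c1e7b2d.php": "<?php // constructed stand-in for an uploaded script",
        "2021-05-16/design_001.png": "png",
        "thumbs/2021-05-17/3c1d0e.PHP5": "<?php // upper-case variant extension",
        "readme.php": "<?php // not in a date folder, so not flagged by this check",
    }
    for rel, body in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for hit in find_suspicious_php(sample):
        print("suspicious upload:", hit)
```

Point the function at the real uploads root and review every hit by hand; a PHP file inside a date-named upload folder is not expected from normal plugin use.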
