
Critical 0-Day vulnerability in a WordPress plugin under active attack. Incorporate the IOCs ASAP.

Wordfence's Threat Intelligence team (the well-known WAF vendor) has identified a critical file upload vulnerability in the Fancy Product Designer plugin for WordPress, and the flaw is under active attack.

Fancy Product Designer, a plugin that lets site owners design and customize any kind of product, has over 17,000 installations on WordPress and is being targeted by a set of IP addresses.

Wordfence contacted the plugin developer and received a response on the same day the bug was reported. Because no patch is available from the vendor at this time, the Threat Intelligence team has publicly disclosed the vulnerability with minimal detail.

Description: Unauthenticated Arbitrary File Upload and Remote Code Execution
Affected Plugin: Fancy Product Designer
Plugin Slug: fancy-product-designer
Affected Versions: <= 4.6.8
CVE ID: CVE-2021-24370
CVSS Score: 9.8 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Researcher/s: Charles Sweethill/Ram Gall
Fully Patched Version: Pending

Indicators of Compromise:

“Our research indicates that this vulnerability is likely not being attacked on a large scale but has been exploited since at least May 16, 2021,” the researchers stated.

Additionally, a successful attack leaves a file with a unique ID and a PHP extension in a subfolder of either wp-admin or wp-content/plugins/fancy-product-designer/inc, named after the date the file was uploaded. For example:

wp-content/plugins/fancy-product-designer/inc/2021/05/30/4fa00001c720b30102987d980e62d5e4.php

or

wp-admin/2021/05/31/1d4609806ff0f4e89a3fb5fa35678fa0.php

The majority of attacks against this vulnerability are coming from the following IP addresses:

69.12.71.82
92.53.124.123
46.53.253.152
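The two indicators above (the dated-subfolder PHP files and the three source addresses) can be checked mechanically. The script below is an added example for this post, not Wordfence's code or the plugin's: it walks the two locations named in the advisory for files shaped like `YYYY/MM/DD/<32 hex>.php`, and triages access-log lines either sent from a listed IP or requesting a file at that location (the second log rule is this example's own heuristic, not from the advisory). The directory tree and log lines it runs against are constructed; `index.php`, `helper.php` and `style.css` are placeholder file names, and 203.0.113.x / 198.51.100.x are documentation addresses.

```python
"""IOC check for the Fancy Product Designer upload flaw (CVE-2021-24370).

Added example, not Wordfence's code. Applies the advisory's indicators:
PHP files named <32 hex>.php inside a YYYY/MM/DD subfolder of wp-admin or the
plugin's inc directory, and requests from the three listed IP addresses.
"""
import re
import tempfile
from pathlib import Path

# Locations named in the advisory, relative to the WordPress root.
WATCH_DIRS = (
    "wp-admin",
    "wp-content/plugins/fancy-product-designer/inc",
)

# Uploaded file shape given in the advisory: YYYY/MM/DD/<32 hex chars>.php
UPLOAD_RE = re.compile(r"^\d{4}/\d{2}/\d{2}/[0-9a-f]{32}\.php$")

# Source addresses listed in the advisory.
ATTACKER_IPS = frozenset({"69.12.71.82", "92.53.124.123", "46.53.253.152"})

# Combined-log-format line: client IP first, then the quoted request line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<path>\S+)')


def find_suspicious_uploads(wp_root):
    """Return paths (relative to wp_root) of PHP files matching the IOC layout."""
    root = Path(wp_root)
    hits = []
    for watch in WATCH_DIRS:
        base = root / watch
        if not base.is_dir():
            continue
        for php in base.rglob("*.php"):
            rel = php.relative_to(base).as_posix()
            if UPLOAD_RE.match(rel):
                hits.append(f"{watch}/{rel}")
    return sorted(hits)


def scan_access_log(lines):
    """Return (line_no, ip, path, reasons) for log lines worth triaging."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, path = m.group("ip"), m.group("path").split("?", 1)[0]
        reasons = []
        if ip in ATTACKER_IPS:
            reasons.append("source IP listed in advisory")
        # Heuristic of this example: a request for a file at the IOC upload location.
        for watch in WATCH_DIRS:
            prefix = f"/{watch}/"
            if path.startswith(prefix) and UPLOAD_RE.match(path[len(prefix):]):
                reasons.append("request for a file at the IOC upload location")
                break
        if reasons:
            findings.append((n, ip, path, reasons))
    return findings


# Constructed sample log lines (203.0.113.x and 198.51.100.x are documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/May/2021:10:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '69.12.71.82 - - [30/May/2021:10:05:44 +0000] "POST /wp-content/plugins/fancy-product-designer/inc/ HTTP/1.1" 200 85 "-" "python-requests/2.25"',
    '198.51.100.9 - - [31/May/2021:03:12:10 +0000] "GET /wp-admin/2021/05/31/1d4609806ff0f4e89a3fb5fa35678fa0.php HTTP/1.1" 200 512 "-" "curl/7.68"',
    '203.0.113.7 - - [31/May/2021:03:15:00 +0000] "GET /wp-content/plugins/fancy-product-designer/inc/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def build_demo_tree(wp_root):
    """Create a constructed WordPress-like tree: two IOC-shaped files plus benign ones."""
    files = [
        "wp-admin/2021/05/31/1d4609806ff0f4e89a3fb5fa35678fa0.php",  # path from advisory
        "wp-content/plugins/fancy-product-designer/inc/2021/05/30/4fa00001c720b30102987d980e62d5e4.php",  # from advisory
        "wp-admin/index.php",  # placeholder core file, wrong shape, not flagged
        "wp-content/plugins/fancy-product-designer/inc/helper.php",  # placeholder plugin file, not flagged
        "wp-content/uploads/2021/05/30/photo.jpg",  # outside the watched directories
    ]
    for rel in files:
        p = Path(wp_root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("<?php // constructed placeholder\n" if rel.endswith(".php") else "")


def run_demo():
    """Build the constructed tree in a temp dir, run both checks, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        uploads = find_suspicious_uploads(tmp)
    return uploads, scan_access_log(SAMPLE_LOG)


if __name__ == "__main__":
    uploads, log_findings = run_demo()
    for u in uploads:
        print("suspicious file:", u)
    for n, ip, path, reasons in log_findings:
        print(f"log line {n}: {ip} {path} -> {', '.join(reasons)}")
```

On a real host, call `find_suspicious_uploads("/var/www/html")` (or wherever WordPress lives) and feed `scan_access_log` the lines of the web server's access log. A hit on the file check is the stronger signal, since the dated-folder layout is what the advisory says the upload produces; a hit on the IP list alone only tells you the listed addresses reached the site and should be followed by a look at what they requested.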

