The Wordfence Threat Intelligence team has reported an active attack against the Fancy Product Designer plugin. Attackers are scanning for sites with the plugin installed and using a zero-day vulnerability in it to upload malware.
This WordPress plugin allows users to upload images and PDF documents to add to their products. Unfortunately, the plugin was not adequately checking files for malicious content before they were uploaded, so an attacker could upload executable PHP files to any website using the plugin. Because of this flaw, an attacker could take over the affected site via Remote Code Execution.
Moments ago, the Wordfence Threat Intelligence team posted details of a Critical 0-day vulnerability under active attack in the Fancy Product Designer plugin. Limited details are available on our blog, with recommendations for keeping your site safe. https://t.co/6bsB3sTWtU — Wordfence (@wordfence) June 1, 2021
More than 17,000 websites have installed the plugin, according to sales statistics.
Zero-day exploits like this one are sometimes used actively in the wild: here, attackers who trigger the bug can bypass the plugin's built-in checks and place executable PHP files on a site running Fancy Product Designer. This critical 0-day is under active exploitation and can be exploited even while the plugin is deactivated.
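The root cause described above is an upload check that trusts the file name instead of validating the file. The following added Python example (not the plugin's code and not taken from Wordfence's report) contrasts a weak deny-list check with a hardened allow-list check over a set of constructed sample uploads; the file names and byte contents are made up for illustration.

```python
import re

# Constructed sample uploads: file name -> first bytes of the file.
# None of these are real artifacts from the incident; they exist only
# to exercise the two validators below.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,       # genuine JPEG header
    "design.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",        # genuine PDF header
    "shell.php": b"<?php echo 'x'; ?>",                    # plain PHP file
    "cover.phtml": b"<?php echo 'x'; ?>",                  # PHP under another extension
    "logo.png.php": b"\x89PNG\r\n\x1a\n<?php echo 'x'; ?>",  # double extension
    "fake.jpg": b"<?php echo 'x'; ?>",                     # image name, PHP content
    "poly.png": b"\x89PNG\r\n\x1a\n<?php echo 'x'; ?>",    # valid header, PHP inside
}

# Allowed extensions for this upload form and the magic bytes each must start with.
ALLOWED = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "pdf": b"%PDF-",
}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def denylist_check(name: str) -> bool:
    """Weak check: looks only at the final extension and compares it with a
    short deny-list. It never inspects content, so renamed PHP passes, and it
    misses alternative PHP extensions such as .phtml."""
    return name.rsplit(".", 1)[-1].lower() not in {"php", "exe"}

def allowlist_check(name: str, head: bytes) -> bool:
    """Hardened check: every dotted segment after the base name must be an
    allowed image/PDF extension (so double extensions fail), the magic bytes
    must match the declared type, and the content must not carry a PHP open
    tag even when the header looks legitimate."""
    parts = name.lower().split(".")
    if len(parts) < 2 or any(p not in ALLOWED for p in parts[1:]):
        return False
    if not head.startswith(ALLOWED[parts[-1]]):
        return False
    return PHP_OPEN_TAG.search(head) is None

def evaluate(samples=SAMPLES) -> dict:
    """Return {name: (denylist_result, allowlist_result)} for each sample."""
    return {n: (denylist_check(n), allowlist_check(n, h)) for n, h in samples.items()}

if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:14} deny-list accepts={weak!s:5} allow-list accepts={strong}")
```

Only the two legitimate files pass the hardened check; the deny-list accepts four of the five PHP-bearing samples. In a real deployment, the served upload directory should also be configured so that nothing under it is ever executed as PHP, regardless of what validation lets through.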
The vulnerability is not widely exploited. However, there has been an increase in activity targeting the Fancy Product Designer plugin since May 16, 2021. Therefore, Wordfence recommends anyone using this plugin uninstall it completely until the plugin is patched.