A critical vulnerability in a WordPress plugin under active attack, risking over 17,000 websites
A critical vulnerability in a WordPress plugin under active attack, risking over 17,000 websites
A zero-day vulnerability allows attackers to upload malicious files on e-commerce websites, eventually taking over their databases for customer information.
advertisement
(Image for representation: Reuters)
A new security risk has been discovered by the Threat Intelligence team at Wordfence.
The vulnerability affects a WordPress plugin that allows the upload of images and PDF files for products.
A threat report states that it is under active attack since January 30, 2021.
A new vulnerability has been found in a WordPress plugin that affects over 17,000 websites. The vulnerability is actively being exploited to collect customer information from these e-commerce sites.
Hackers Actively Exploiting 0-Day in WordPress Plugin Jun 3, 2021 12:01 GMT
· Comment
Wordpress Exploit
Fancy Product Designer, a WordPress plugin used on over 17,000 websites, contains a critical file upload vulnerability that is currently being exploited in the wild to upload malware to websites where the plugin is installed.
The vulnerability was identified by Wordfence s Threat Intelligence team and reported to the vendor on May 31. Although the issue has been identified, it has yet to be fixed.
Fancy Product Designer is a platform that allows businesses to offer personalized items. Customers can design anything from t-shirts to phone cases by uploading photos and PDF files that can then be integrated into the product.
Hackers are exploiting a critical zero-day flaw in the WordPress plug-in Fancy Product Designer, which allows remote code execution, the Wordfence Threat