Researchers from Patchstack find two new flaws in Fancy Product Designer
The Radykal-built WordPress plugin has more than 20,000 active users
The flaws allowed for remote code execution, arbitrary file upload, and more
A popular WordPress plugin was found carrying two critical vulnerabilities that allow threat actors to upload files, tamper with databases, and essentially take over compromised websites.
To make matters worse, the vulnerabilities remained in the code for more than half a year, even though the developers had been notified and were actively working on new versions in the meantime.