
The Fancy Product Designer plugin for WordPress has unpatched Critical Flaws


Radykal’s premium WordPress plugin, Fancy Product Designer, contains two critical vulnerabilities that remain unfixed in its current latest version.

With more than 20,000 sales, the plugin empowers users to customize product designs—such as clothing, mugs, and phone cases—on WooCommerce sites by changing colors, transforming text, or modifying the size.

While reviewing the plugin, Rafie Muhammad from Patchstack discovered two critical flaws on March 17, 2024:

  • CVE-2024-51919 (CVSS score: 9.0): An insecure implementation of the file upload functions ‘save_remote_file’ and ‘fpd_admin_copy_file’ causes an unauthenticated arbitrary file upload vulnerability. These functions fail to validate or restrict file types, enabling attackers to upload malicious files via a remote URL and achieve remote code execution (RCE).
  • CVE-2024-51818 (CVSS score: 9.3): Improper sanitization of user inputs due to the insufficient ‘strip_tags’ function leads to an unauthenticated SQL injection flaw. User-supplied input is directly included in database queries without proper validation, which can allow attackers to compromise databases, retrieve sensitive data, or modify and delete records.

Although Patchstack informed Radykal of these issues a day after discovering them, the vendor did not respond.

On January 6, Patchstack added the flaws to its database and published a blog post to alert users and raise awareness of the risks.

Despite releasing 20 updates, including version 6.4.3 two months ago, Radykal has not addressed these critical security issues, according to Muhammad.

Patchstack’s detailed writeup provides enough technical information for attackers to craft exploits and start targeting web stores that rely on the Fancy Product Designer plugin.

As a precaution, admins should block arbitrary file uploads by enforcing an allowlist of safe file extensions. Patchstack also advises sanitizing user input used in database queries with safe escaping and formatting (prepared statements), rather than relying on HTML-stripping functions, to guard against SQL injection.
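To illustrate the two precautions above, here is an added example (not Radykal's code) of a hypothetical WordPress AJAX handler that fetches a remote file only for authorized users, restricts it to an allowlist of image types using WordPress's own type checks, and looks up records with `$wpdb->prepare()` instead of `strip_tags()`. The action name, table name and allowlist are assumptions.

```php
<?php
// Hypothetical hardened "copy a remote file into the uploads directory" handler.
// Both CVEs in the article stem from unauthenticated reachability plus missing validation,
// so the handler checks auth first, then the URL, then the file type.
require_once ABSPATH . 'wp-admin/includes/file.php'; // download_url(), wp_handle_sideload()

add_action( 'wp_ajax_example_copy_remote_file', 'example_copy_remote_file' ); // assumed action name

function example_copy_remote_file() {
    // 1. Require a valid nonce and the upload capability; no 'wp_ajax_nopriv_' hook is registered.
    check_ajax_referer( 'example_copy_remote_file', 'nonce' );
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // 2. Accept only http(s) URLs; wp_http_validate_url() also rejects loopback and private hosts.
    $url = isset( $_POST['url'] ) ? wp_http_validate_url( wp_unslash( $_POST['url'] ) ) : false;
    if ( ! $url ) {
        wp_send_json_error( 'invalid url', 400 );
    }

    // 3. Allowlist of extensions and MIME types (constructed list; widen only deliberately).
    $allowed = array(
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    );

    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( $tmp->get_error_message(), 502 );
    }

    // wp_handle_sideload() with 'mimes' runs wp_check_filetype_and_ext(): the extension must be
    // in the allowlist AND the sniffed content must match, so "shell.php" or "x.png.php" is rejected.
    $file   = array(
        'name'     => sanitize_file_name( basename( wp_parse_url( $url, PHP_URL_PATH ) ) ),
        'tmp_name' => $tmp,
    );
    $result = wp_handle_sideload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        @unlink( $tmp );
        wp_send_json_error( $result['error'], 415 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}

// strip_tags() removes HTML but leaves quotes and SQL keywords intact, so it is not an SQL
// escaping function. $wpdb->prepare() binds the value as a parameter instead.
function example_find_designs( $title ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_designs'; // assumed table name, not user-controlled
    return $wpdb->get_results(
        $wpdb->prepare( "SELECT id, title FROM {$table} WHERE title = %s LIMIT %d", $title, 20 )
    );
}
```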

Radykal had not responded to a request for comment at the time of publication.

Source: BleepingComputer
