
Hackers —– WordPress




Fancy Product Designer, a WordPress plugin installed on over 17,000 websites, has been found to contain a critical file upload vulnerability that is being actively exploited in the wild to upload malware to sites that have the plugin installed.

Wordfence’s threat intelligence team, which discovered the bug, said it reported the issue to the plugin developer on May 31. While the flaw has been acknowledged, it has not yet been fixed.

Fancy Product Designer is a tool that enables companies to offer customizable products, so that customers can design any type of item, from T-shirts to phone cases, by uploading images and PDF files that can be added to the products.


“Unfortunately, while the plugin had some controls in place to prevent malicious files from being uploaded, those controls were inadequate and could be easily bypassed so that attackers could upload executable PHP files to any plug-in site,” Wordfence said in a write-up published Tuesday.


Armed with this capability, an attacker could achieve remote code execution on an affected site, allowing full takeover of the site, the researchers noted. Wordfence has not shared the technical details of the vulnerability, as it is under active attack.

Wordfence said that the critical zero-day could be exploited in some configurations even if the plugin has been disabled, and it is urging users to uninstall Fancy Product Designer until a patched version becomes available.

This is far from the first time Wordfence has revealed serious issues in WordPress plugins. In December 2017, a hidden backdoor in the BestWebSoft captcha plugin was found to affect 300,000 websites.

Earlier this year, researchers revealed vulnerabilities in Elementor and WP Super Cache that, if exploited, could allow an attacker to run arbitrary code and take over a site in certain scenarios.



