Unpatched critical flaws impact Fancy Product Designer WordPress plugin


Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version.

With more than 20,000 sales, the plugin allows customization of product designs (e.g. clothes, mugs, phone cases) on WooCommerce sites by changing colors, transforming text, or modifying the size.

While examining the plugin, Patchstack's Rafie Muhammad discovered on March 17, 2024, that the plugin was vulnerable to the following two critical flaws:

  • CVE-2024-51919 (CVSS score: 9.0): Unauthenticated arbitrary file upload vulnerability caused by an insecure implementation of the file upload functions 'save_remote_file' and 'fpd_admin_copy_file,' which don't properly validate or restrict file types. Attackers can exploit this by supplying a remote URL to upload malicious files, achieving remote code execution (RCE).
  • CVE-2024-51818 (CVSS score: 9.3): Unauthenticated SQL injection flaw caused by the improper sanitization of user inputs due to the use of the insufficient 'strip_tags.' User-supplied input is directly integrated into database queries without proper validation, potentially leading to database compromise, data retrieval, modification, and deletion.

Despite Patchstack notifying the vendor of the problems a day after discovering them, Radykal never answered back.

On January 6, Patchstack added the flaws to its database, and today published a blog post to warn users and raise awareness about the risks.

Even after releasing 20 new versions, with the latest being 6.4.3, released 2 months ago, the two critical security issues remain unpatched, Muhammad says.

Patchstack's writeup provides sufficient technical detail for attackers to create exploits and start targeting online stores that use Radykal's Fancy Product Designer plugin.

As a general recommendation, admins should prevent arbitrary file uploads by creating an allowlist of safe file extensions. Additionally, Patchstack recommends protecting against SQL injection by sanitizing the user's input for a query with a safe escape and format.
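The two mitigations in that advice, shown as an added illustration written for this article (it is not the plugin's code and not Patchstack's); it assumes it runs inside WordPress, and the function, table and column names are invented:

```php
<?php
// Added illustration, not code from Fancy Product Designer. Assumes a
// WordPress runtime ($wpdb, sanitize_file_name(), wp_check_filetype()).

// 1. Arbitrary file upload: accept only extensions on an explicit allowlist.
//    Executable or script-bearing types (php, phtml, html, svg, htaccess)
//    are simply absent from the list, so they can never pass.
function fpd_example_is_allowed_upload( string $filename ): bool {
    $allowed = array(
        'png'      => 'image/png',
        'jpg|jpeg' => 'image/jpeg',
        'gif'      => 'image/gif',
    );
    // Normalise the name first so tricks in the raw string are removed.
    $safe_name = sanitize_file_name( $filename );
    if ( '' === $safe_name || substr_count( $safe_name, '.' ) !== 1 ) {
        return false; // reject empty names and double extensions (a.php.png)
    }
    // wp_check_filetype() matches the final extension against $allowed keys
    // and returns empty 'ext'/'type' when nothing matches.
    $check = wp_check_filetype( $safe_name, $allowed );
    return ! empty( $check['ext'] ) && ! empty( $check['type'] );
}

// 2. SQL injection: strip_tags() only removes HTML tags; quotes and other SQL
//    metacharacters pass through untouched, so it is not an SQL defence.
//    $wpdb->prepare() escapes and formats each value for its placeholder
//    (%d forces an integer, %s a quoted, escaped string).
function fpd_example_get_designs( $user_id_input, string $status_input ): array {
    global $wpdb;
    $table = $wpdb->prefix . 'fpd_example_designs'; // invented table name

    // Validate the status against a fixed allowlist before it reaches SQL.
    $allowed_status = array( 'draft', 'published' );
    if ( ! in_array( $status_input, $allowed_status, true ) ) {
        return array();
    }

    $sql = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE user_id = %d AND status = %s",
        (int) $user_id_input,
        $status_input
    );
    $rows = $wpdb->get_results( $sql, ARRAY_A );
    return is_array( $rows ) ? $rows : array();
}
```

With these checks a request carrying a `.php` filename or a quote-laden status value is rejected before any file is written or query is run, which is the behaviour the plugin's unpatched functions lack.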

BleepingComputer has contacted Radykal to ask if they plan on releasing a security update soon, but a comment wasn't immediately available.
