Premium WordPress plugin Fancy Product Designer from Radykal is weak to 2 vital severity flaws that stay unfixed within the present newest model.
With greater than 20,000 gross sales, the plugin permits customization of product designs (e.g. clothes, mugs, telephone circumstances) on WooCommerce websites by altering colours, reworking textual content, or modifying the dimensions.
Whereas analyzing the plugin, Patchstack’s Rafie Muhammad found on March 17, 2024, that the plugin was weak to the next two vital flaws:
- CVE-2024-51919 (CVSS rating: 9.0): Unauthenticated arbitrary file add vulnerability attributable to an insecure implementation of file add capabilities ‘save_remote_file’ and ‘fpd_admin_copy_file,’ that don’t correctly validate or prohibit file sorts. Attackers can exploit this by supplying a distant URL to add malicious recordsdata, attaining distant code execution (RCE).
- CVE-2024-51818 (CVSS rating: 9.3): Unauthenticated SQL injection flaw attributable to the improper sanitization of consumer inputs as a consequence of the usage of the inadequate ‘strip_tags.’ Consumer-supplied enter is instantly built-in into database queries with out correct validation, doubtlessly resulting in database compromise, knowledge retrieval, modification, and deletion.
Regardless of Patchstack notifying the seller of the problems a day after discovering them, Radykal by no means answered again.
On January 6, Patchstack added the failings to its database, and as we speak revealed a weblog submit to warn customers and lift consciousness in regards to the dangers.
Even after releasing 20 new variations, with the newest being 6.4.3, launched 2 months in the past, the 2 vital safety points stay unpatched, Muhammad says.
Patchstack’s writeup supplies enough technical info for attackers to create exploits and begin concentrating on internet shops that use Radykal’s Fancy Product Designer plugin.
As a common advice, admins ought to forestall arbitrary file uploads by creating an allowed checklist with secure file extensions. Moreover, Patchstack recommends to guard in opposition to SQL injection by sanitizing the consumer’s enter for a question by doing a secure escape and format.
BleepingComputer has contacted Radycal to ask in the event that they plan on releasing a safety replace quickly, however a remark wasn’t instantly out there.
