Jump to content
  • Critical WordPress plugin zero-day under active exploitation


    Karlston

    • 890 views
    • 2 minutes
     Share


    • 890 views
    • 2 minutes

    Critical WordPress plugin zero-day under active exploitation

     

    Threat actors are scanning for sites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware.

     

    Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content.

     

    According to sales statistics for the plugin, Fancy Product Designer has been sold and installed on more than 17,000 websites.

    Zero-day also impacts WooCommerce sites

    Zero-days are publicly disclosed vulnerabilities vendors haven't patched, which, in some cases, are also actively exploited in the wild or have publicly available proof-of-concept exploits.

     

    The security flaw is a critical severity remote code execution (RCE) vulnerability discovered by Wordfence security analyst Charles Sweethill on Monday.

     

    "The WordPress version of the plugin is the one used in WooCommerce installations as well and is vulnerable," threat analyst Ram Gall told BleepingComputer.

     

    When it comes to the plugin's Shopify version, attacks would likely be blocked, given that Shopify uses stricter access controls for sites hosted and running on its platform. 

    Vulnerable sites exposed to complete takeover

    Attackers who successfully exploit the Fancy Product Designer bug can bypass built-in checks blocking malicious files uploading to deploy executable PHP files on sites where the plugin is installed.

     

    This allows the threat actors to completely take over vulnerable sites following remote code execution attacks.

     

    "Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected," Gall said.

     

    While the vulnerability has only been exploited on a small scale, the attacks targeting the thousands of sites running the Fancy Product Designer plugin have started more than two weeks ago, on May 16, 2021.

     

    Since the vulnerability is under active exploitation and was rated as critical severity, customers are advised to uninstall the plugin until a patched release is available.

     

    Indicators of compromise, including IP addresses used to launch these ongoing attacks, are available at the end of WordFence's report.

     

    The Fancy Product Designer development team did not reply to BleepingComputer's request for comment before the article was published.

     

     

    Critical WordPress plugin zero-day under active exploitation


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...