A recent report by cybersecurity researchers at Patchstack describes two new critical vulnerabilities in the popular WordPress plugin Fancy Product Designer, developed by Radykal. The flaws, an unauthenticated arbitrary file upload and an SQL injection, could result in remote code execution and full website takeover. Although Patchstack notified the vendor of the issues in March 2024, the vulnerabilities persist in the latest plugin version (6.4.3). To mitigate the risks, web admins are advised to restrict file extensions and sanitize user input. For more information on cybersecurity threats, visit BleepingComputer and check out their latest articles on the topic.