Radykal

Fancy Product Designer

13 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.02%
  • Published 16.01.2026 04:44:34
  • Last modified 16.01.2026 15:55:12

The Fancy Product Designer plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 6.4.8. This is due to improper error handling in the PDF upload functionality that exposes server filesystem paths and stack t...

  • EPSS 0.04%
  • Published 16.12.2025 08:20:24
  • Last modified 16.12.2025 14:10:11

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use (TOCTOU) race condition in the 'url' parameter of the fpd_custom_uplo...

  • EPSS 0.04%
  • Published 16.12.2025 07:21:05
  • Last modified 22.01.2026 02:15:50

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the ...

  • EPSS 0.15%
  • Published 12.12.2025 06:32:57
  • Last modified 12.12.2025 15:17:31

The Fancy Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping in the data-to-image.php and pdf-...

Exploit
  • EPSS 0.43%
  • Published 06.05.2024 06:15:06
  • Last modified 08.05.2025 16:28:11

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

Exploit
  • EPSS 0.29%
  • Published 26.04.2024 05:15:49
  • Last modified 08.05.2025 19:14:27

The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against unauthenticated and admin-level users.

Exploit
  • EPSS 0.12%
  • Published 15.04.2024 05:15:14
  • Last modified 07.04.2025 14:56:12

The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ...

Exploit
  • EPSS 0.32%
  • Published 18.03.2024 19:15:06
  • Last modified 05.05.2025 15:15:56

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators.

  • EPSS 0.11%
  • Published 20.10.2023 08:15:11
  • Last modified 21.11.2024 06:37:26

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authen...

  • EPSS 0.05%
  • Published 20.10.2023 07:15:14
  • Last modified 21.11.2024 06:37:26

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possi...