Heimdal

Security researchers have warned of a dangerous new zero-day vulnerability in a WordPress plugin that is being actively exploited in the wild to upload malware onto sites where the plugin is installed.

According to the researchers, threat actors are scanning for sites running the Fancy Product Designer plugin, which is installed on more than 17,000 websites and lets users upload images and PDF files to attach to products.

Fancy Product Designer is a tool that lets businesses and their customers design and customize products, with the business deciding which products, and which parts of each product, can be customized.

A zero-day vulnerability is a software security flaw for which no patch is available at the time it becomes known or is first exploited, so defenders have had "zero days" to fix it. Because there is nothing to install, threat actors can exploit it freely until the vendor ships a fix.

This kind of vulnerability carries critical risk: every system running the affected software is exposed to zero-day attacks that can lead to compromise of the system itself and of the private data it holds.

The security vulnerability is a severe remote code execution (RCE) flaw discovered by Wordfence threat analyst Charles Sweethill on Monday.

The WordPress version of the plugin is the one used in WooCommerce installations as well and is vulnerable.

Source

As for the plugin's Shopify variant, attackers would probably be blocked, since Shopify enforces stricter access controls on the stores hosted on its platform.

Threat actors who successfully exploit the Fancy Product Designer vulnerability can bypass the plugin's built-in checks meant to block malicious file uploads and place executable PHP files on websites where the plugin is installed.

Once an attacker's PHP file is reachable on the web server, it runs with the privileges of the web application, giving cybercriminals remote code execution (RCE) and, with it, complete control over the unprotected site.

Due to this vulnerability being actively attacked, we are publicly disclosing minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected.

Source

Attacks against the thousands of sites running the Fancy Product Designer plugin began in mid-May, although so far the vulnerability has only been exploited on a small scale.

Wordfence's threat intelligence team, which discovered the vulnerability, said it reported the issue to the plugin's developer at the end of May. The developer has acknowledged the bug, but it has yet to be fixed.

In the meantime, users are urged to uninstall the plugin and wait until a patched release is available.

Indicators of compromise, including the IP addresses used to carry out these ongoing attacks, can be found in Wordfence's report.
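Site owners who pull the IP indicators from Wordfence's report will want to run them against their own web server logs. The following is an added example, not code from the page, the plugin or Wordfence: it parses combined-format access log lines and flags two things, requests from indicator IPs and any request for a PHP-type file under `/wp-content/uploads/` (WordPress's upload directory, which should never serve executable PHP, so even a 404 there is worth a look). The IP list uses RFC 5737 documentation addresses as placeholders for the real indicators, the log lines are constructed, and the `action=example_upload` AJAX parameter is hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Placeholder indicator IPs (RFC 5737 documentation ranges). Replace with the
# addresses from Wordfence's report; these are NOT real indicators.
IOC_IPS = {"192.0.2.10", "198.51.100.23"}

# Apache/Nginx combined log format, enough fields for this check.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# PHP-type files that should never be requested from the uploads directory.
PHP_IN_UPLOADS = re.compile(
    r"^/wp-content/uploads/.*\.(?:php\d?|phtml|phar)(?:$|[?/])", re.I
)

# Constructed sample log (hypothetical traffic, not a real capture).
SAMPLE_LOG = """\
203.0.113.5 - - [15/May/2021:10:01:22 +0000] "GET /shop/product/mug/ HTTP/1.1" 200 5123
192.0.2.10 - - [15/May/2021:10:02:01 +0000] "POST /wp-admin/admin-ajax.php?action=example_upload HTTP/1.1" 200 87
192.0.2.10 - - [15/May/2021:10:02:03 +0000] "GET /wp-content/uploads/2021/05/cache.php HTTP/1.1" 200 412
203.0.113.9 - - [15/May/2021:10:05:40 +0000] "GET /wp-content/uploads/2021/05/mug-front.png HTTP/1.1" 200 80211
198.51.100.77 - - [15/May/2021:10:07:12 +0000] "GET /wp-content/uploads/2020/11/old.phtml HTTP/1.1" 404 231
"""


@dataclass
class Finding:
    ip: str
    timestamp: str
    method: str
    path: str
    status: int
    reasons: List[str] = field(default_factory=list)


def analyze_log(text: str, ioc_ips=IOC_IPS) -> List[Finding]:
    """Return one Finding per suspicious line, with every rule that fired."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or truncated line; skip rather than guess
        reasons = []
        if m["ip"] in ioc_ips:
            reasons.append("ioc-ip")
        if PHP_IN_UPLOADS.match(m["path"]):
            reasons.append("php-in-uploads")
        if reasons:
            findings.append(Finding(m["ip"], m["ts"], m["method"], m["path"],
                                    int(m["status"]), reasons))
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f.ip:15} {f.status} {f.method:4} {f.path}  <- {', '.join(f.reasons)}")
```

Run against the sample, the scan reports the indicator IP's upload request and its follow-up fetch of `cache.php` from the uploads directory, plus an unrelated probe for an `.phtml` file that was not found. A successful request for PHP under `/wp-content/uploads/` is the strongest signal here, because a clean WordPress install never needs one; blocking PHP execution in that directory at the web server is the matching hardening step.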

Author Profile

Antonia Din

PR & Video Content Manager


As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.
