Threat Actors Are Actively Exploiting Zero Day Vulnerability in WordPress Plugin
This Zero Day Vulnerability Could Allow Attackers to Upload Executable PHP Files to Any Site with the Plugin Installed.
Security researchers have warned of a dangerous new zero day vulnerability in a WordPress plugin that is being actively exploited in the wild to upload malware onto sites that have the plugin installed.
According to specialists, threat actors are scanning for sites running the Fancy Product Designer plugin, which is installed on over 17,000 websites and enables users to upload images and PDF files to products.
Fancy Product Designer is a tool that enables businesses and their customers to design and customize any kind of product, giving them absolute freedom in deciding which products and which parts of the product can be customized.
A zero day vulnerability is a software security bug that is known to the software vendor but doesn’t have a patch in place to fix the flaw. Unfortunately, it can easily be exploited by threat actors.
This kind of vulnerability poses critical security risks, leaving devices vulnerable to zero day attacks, which can lead to damage to your computer or private information.
The security vulnerability is a severe remote code execution (RCE) flaw discovered by Wordfence threat analyst Charles Sweethill on Monday.
The WordPress version of the plugin, which is also the one used in WooCommerce installations, is vulnerable.
As for the plugin’s Shopify variant, cybercriminals would probably be blocked since it uses more rigorous access controls for websites hosted and running on its platform.
Threat actors who successfully exploit the Fancy Product Designer vulnerability can bypass the built-in checks that block malicious file uploads and deploy executable PHP files on websites where the plugin is installed.
This enables cybercriminals to gain complete control over unprotected websites following remote code execution (RCE) attacks.
Due to this vulnerability being actively attacked, we are publicly disclosing minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites protected.
While the vulnerability has only been exploited on a small scale, the attacks targeting the thousands of sites running the Fancy Product Designer plugin began in mid-May.
Wordfence’s threat intelligence team, which came across the vulnerability, stated that it reported the issue to the plugin’s developer at the end of May. While the bug has been acknowledged, it has yet to be addressed.
However, users were urged to uninstall the plugin for the time being and wait until a patched release is available.
Indicators of compromise, including IP addresses used to launch these ongoing attacks, can be found in Wordfence’s report.
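An added example, not taken from Wordfence’s report or from the plugin’s code: because the flaw lets attackers place executable PHP where only images and PDF files are expected, this Python check walks an upload tree and flags PHP extensions, files whose content does not match their image or PDF extension, and PHP tags appended to a valid header. The extension list, the signature table and the sample files are constructed assumptions; point scan() at the site’s own upload directory.

```python
import os
import tempfile

# Signatures for the upload types the page names (images and PDF files).
MAGIC = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"], ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"], ".pdf": [b"%PDF-"],
}
# Assumption: extensions a server may hand to PHP; depends on its configuration.
PHP_EXTS = {"php", "phtml", "phar", "php5", "php7"}

def classify(path):
    """Return why a file looks like dropped PHP, or None if it looks clean."""
    name = os.path.basename(path).lower()
    # Every dot-separated part is checked, so x.php.jpg is caught too.
    if any(part in PHP_EXTS for part in name.split(".")[1:]):
        return "php-extension"
    with open(path, "rb") as fh:
        data = fh.read(1 << 20)  # first 1 MiB covers header and tag checks
    sigs = MAGIC.get(os.path.splitext(name)[1])
    if sigs and not any(data.startswith(s) for s in sigs):
        return "type-mismatch"  # image/PDF name, other content
    if b"<?php" in data.lower():
        return "embedded-php"  # valid header with PHP appended
    return None

def scan(root):
    """Walk an upload tree; return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reason = classify(full)
            if reason:
                findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def demo():
    """Scan a constructed upload tree (sample files, not real indicators)."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # clean
        "flyer.pdf": b"%PDF-1.4\n%%EOF\n",  # clean
        "a.php": b"<?php echo 1; ?>", "b.php.jpg": b"\xff\xd8\xff\xe0",
        "c.gif": b"GIF89a<?php echo 1; ?>", "d.jpg": b"<?php echo 1; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```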