Zero‑day in popular WordPress plugin exploited to take over websites

Websites using Fancy Product Designer are susceptible to remote code execution attacks even if the plugin is deactivated



Cybercriminals have been actively exploiting a zero-day vulnerability in Fancy Product Designer, a WordPress plugin used by more than 17,000 websites, according to a blog post by Defiant, which makes Wordfence security plugins for the web publishing platform.


Attackers have been observed using the zero-day to deliver malware to the sites with the plugin installed. There is evidence indicating that the security loophole, which can be misused for full website takeover, was exploited as early as January 30th of this year.


The plugin enables users to customize any type of products ranging from clothing articles to accessories and household items by uploading their own images or PDF files. It is used by a variety of platforms, including WordPress, WooCommerce and Shopify.


“Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed. This effectively made it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover,” warned Wordfence QA Engineer Ram Gall.
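The quote above turns on one point: the plugin looked at the upload, but not hard enough. What follows is an added example written for this page, not code from Fancy Product Designer, Defiant or Wordfence. It shows the kind of content-based validation an upload handler needs so that a file named to look like an image but containing PHP is rejected, and adds a small sweep for PHP files sitting in an uploads tree, which is the defender's first check after an incident like this. Filenames, the upload-directory layout and the sample files are constructed for the demo; the functions assume PHP's bundled fileinfo and GD-independent getimagesize, and a real handler would call move_uploaded_file on the temporary path once validate_upload returns null. Note also that removing a vulnerable plugin, not merely deactivating it, is what stops direct requests to its upload endpoint, as the subtitle of this article points out.

```php
<?php
// Added example (not the plugin's or Wordfence's code): content-based upload
// validation plus a sweep for executable files in an uploads tree.
declare(strict_types=1);

// Allowlist: final extension => MIME types the file CONTENT must have.
const ALLOWED_TYPES = [
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'png'  => ['image/png'],
    'pdf'  => ['application/pdf'],
];

// Extension segments that must not appear anywhere in a stored filename.
const EXEC_SEGMENT = '/\.(php\d*|phtml|phar|shtml|htaccess)(\.|$)/';

/**
 * Returns null when the upload is acceptable, otherwise a rejection reason.
 * $clientName is the untrusted filename sent by the browser; $tmpPath is where
 * PHP put the bytes (normally $_FILES['file']['tmp_name']).
 */
function validate_upload(string $clientName, string $tmpPath): ?string
{
    $name = strtolower(basename($clientName));

    // 1. Reject executable segments anywhere in the name, not only the last
    //    extension, so "shell.php.png" fails just like "shell.php".
    if (preg_match(EXEC_SEGMENT, $name) === 1) {
        return 'executable extension segment in filename';
    }

    // 2. The final extension must be on the allowlist.
    $ext = pathinfo($name, PATHINFO_EXTENSION);
    if (!isset(ALLOWED_TYPES[$ext])) {
        return "extension '$ext' not allowed";
    }

    // 3. Derive the type from the bytes. The client's Content-Type header is
    //    attacker-controlled and is deliberately never consulted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !in_array($detected, ALLOWED_TYPES[$ext], true)) {
        return "content type '$detected' does not match extension .$ext";
    }

    // 4. Images must also decode; a forged magic number alone is not enough.
    if (strncmp($detected, 'image/', 6) === 0 && @getimagesize($tmpPath) === false) {
        return 'file is not a valid image';
    }
    return null;
}

/** Server-chosen random name, so the uploader never controls the stored path. */
function safe_target_name(string $clientName): string
{
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Sweep an uploads tree for files that should never exist there. */
function find_executable_files(string $dir): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && preg_match(EXEC_SEGMENT, strtolower($file->getFilename())) === 1) {
            $hits[] = $file->getPathname();
        }
    }
    return $hits;
}

// --- Demo on constructed files (not samples from the incident) --------------
$work = sys_get_temp_dir() . '/upload-demo-' . getmypid();
mkdir($work);
$png = "$work/real.png";        // a 1x1 transparent PNG
file_put_contents($png, base64_decode(
    'iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mNkYAAAAAYAAjCB0C8AAAAASUVORK5CYII='
));
$script = "$work/dropped.php";  // harmless stand-in for a dropped script
file_put_contents($script, "<?php echo 'hello'; ?>\n");

foreach ([
    ['design.png',     $png],     // accepted
    ['design.php.png', $png],     // rejected: executable segment in name
    ['design.png',     $script],  // rejected: bytes are PHP, not PNG
    ['design.pdf',     $png],     // rejected: extension/content mismatch
] as [$clientName, $path]) {
    $verdict = validate_upload($clientName, $path) ?? 'accepted as ' . safe_target_name($clientName);
    printf("%-16s -> %s\n", $clientName, $verdict);
}
printf("sweep found: %s\n", implode(', ', find_executable_files($work)) ?: '(none)');

unlink($png); unlink($script); rmdir($work);
```

The order of the checks matters less than their independence: the filename test, the content-derived MIME type and the image decode each catch a bypass the others miss, and the stored name is chosen by the server so that nothing the uploader sends ends up in a path. Run as `php upload_check.php`; the sweep reports the constructed dropped.php, which is what you would expect to see in a real uploads directory after this kind of compromise.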

Based on Defiant’s analysis, the majority of the attacks appear to come from three specific IP addresses. The attackers are targeting e-commerce websites with the aim of getting their hands on order information from the vendor’s databases. The data that could be extracted from these orders may include customers’ personally identifiable information. This could spell problems for website operators since it puts them at risk of violating PCI-DSS (Payment Card Industr ..