The famous WordPress Plugin, Fancy Product Designer affected by a zero-day

Threat Level – Amber | Vulnerability Report
Download PDF

For a detailed advisory, download the pdf file here.

Hackers are actively exploiting a zero-day vulnerability on the famous Fancy Product Designer, a WordPress plugin, since May 16, 2021. This plugin has been installed on over 17,000 sites. Hive Pro Threat Research Team advises all the users to uninstall this plugin until an official patch is released.

Vulnerability Details

CVE IDAffected VersionsVulnerability Name
CVE-2021-243704.6.8Unauthenticated Arbitrary File Upload and Remote Code Execution in WordPress plugin Fancy Product Designer

Indicators of Compromise

IP ADdresses69.12.71.82


What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox