Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites

June 2, 2021
Hackers‌ ‌Actively‌ ‌Exploiting‌ ‌0-Day‌ ‌in WordPress Plugin Installed on Over ‌17,000‌ ‌Sites
Share this article with your friends!

Fancy Product Designer, a WordPress plugin installed on over 17,000 sites, has been discovered to contain a critical file upload vulnerability that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed.

Wordfence’s threat intelligence team, which discovered the flaw, said it reported the issue to the plugin’s developer on May 31. While the flaw has been acknowledged, it’s yet to be addressed.

Fancy Product Designer is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases by offering the ability to upload images and PDF files that can be added to the products.

“Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these checks were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed,” Wordfence said in a write-up published on Tuesday.

WordPress Plugin ‌IoC's

fancy wordpress hacking

Armed with this capability, an attacker can achieve remote code execution on an affected website, allowing full site takeover, the researchers noted. Wordfence has not shared the technical specifics of the vulnerability as it’s under active attack.

Wordfence said that the critical zero-day could be exploited in select configurations even if the plugin has been deactivated, urging users to completely uninstall Fancy Product Designer until a patched version becomes available.

This is far from the first time Wordfence has disclosed severe issues in WordPress plugins. In December 2017, a hidden backdoor in BestWebSoft captcha plugin was found to affect 300,000 sites.

Then earlier this year, the researchers revealed vulnerabilities in Elementor and WP Super Cache that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios.

If you find it interesting, you can read:

Apple AirTag Successfully Hacked

Step by Step Tutorial – How To Perform A Network Security Vulnerability Assessment

Vulnerability Management Process: Scanning, Prioritizing, and Remediating

What are the different roles within cybersecurity in 2021?

What Does It Take To Be a Cybersecurity Researcher?

How to recognize deepfake in 2021

Ref: THN

JOIN OUR NEWSLETTER
Join over 1.000 visitors who are receiving our newsletter and get free eBooks, breaking news, learn how secure your data, your company accounts, database, clients passwords, get the best security advice and more.
We hate spam. Your email address will not be sold or shared with anyone else.

Share this article with your friends!