Palo Alto Networks Unit 42 cybersecurity experts: The malware group claims to be part of the well-known firm, but there is no indication about a relation.
A critical vulnerability in WordPress’s Fancy Product Designer is under active attack. Wordfence cybersecurity experts: The developer just released a patched version of the plugin, install it now!
A critical vulnerability in WordPress’s Fancy Product Designer has been under active attack and is exploitable in some configurations, even if the plugin has been deactivated. It has been denounced by Wordfence cybersecurity experts, who underlined that the developer just released a patched version of the plugin. Fancy Product Designer offers the ability for customers to upload images and PDF files to be added to products. Unfortunately, while the plugin had some checks in place to prevent malicious files from being uploaded, these were insufficient and could easily be bypassed, allowing attackers to upload executable PHP files to any site with the plugin installed. This effectively made it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover.