CVE-2021-4096

 

Published at: - 19-04-2022 11:15

Last modified: - 27-04-2022 06:11

Total changes: - 3

Description

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

 

Verification logic

 

Reference

• https://support.fancyproductdesigner.com/support/discussions/topics/13000031615
• https://www.wordfence.com/vulnerability-advisories/#CVE-2021-4096

 

Keywords

NVD

 

CVE-2021-4096

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures