🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Fancy Product Designer

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Fancy Product Designer

Information

Software Type	Plugin
Software Slug	fancy-product-designer
Software Status	Active
Software Author	Unknown

8 Vulnerabilities

Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-0902

Mar 25, 2024

Researcher: Bob Matyas

Fancy Product Designer <= 6.1.4 - Authenticated (Admin+) SQL Injection

9.1

CVE-2024-0365

Feb 20, 2024

Researcher: Ivan Spiridonov (xbz0n)

Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options

8.8

CVE-2021-4334

Apr 5, 2023

Researcher: Ram

Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions

6.3

CVE-2021-4335

Apr 5, 2023

Researcher: Ram

Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload

8.8

CVE-2021-4096

Apr 14, 2022

Researcher: Lin Yu

Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection

7.2

CVE-2021-4134

Feb 8, 2022

Researcher: Lin Yu

Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload

9.8

CVE-2021-24370

Jun 1, 2021

Researchers: Charles Sweethill, Ram

Fancy Product Designer <= 4.5.0 - Stored Cross-Site Scripting

6.4

CVE ID Unknown

Nov 18, 2020

Researcher: Jonathan Gregson

Title	CVE ID	CVSS	Researchers	Date
Fancy Product Designer < 6.1.81 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-0902	4.4	Bob Matyas	March 25, 2024
Fancy Product Designer <= 6.1.4 - Authenticated (Admin+) SQL Injection	CVE-2024-0365	9.1	Ivan Spiridonov (xbz0n)	February 20, 2024
Fancy Product Designer <= 4.6.9 - Insufficient Authorization to Arbitrary Options Update via fpd_update_options	CVE-2021-4334	8.8	Ram	April 5, 2023
Fancy Product Designer <= 4.6.9 - Insufficient Authorization on Mulitple AJAX Actions	CVE-2021-4335	6.3	Ram	April 5, 2023
Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload	CVE-2021-4096	8.8	Lin Yu	April 14, 2022
Fancy Product Designer <= 4.7.4 - Admin+ SQL Injection	CVE-2021-4134	7.2	Lin Yu	February 8, 2022
Fancy Product Designer <= 4.6.8 - Unauthenticated Arbitrary File Upload	CVE-2021-24370	9.8	Charles Sweethill, Ram	June 1, 2021
Fancy Product Designer <= 4.5.0 - Stored Cross-Site Scripting		6.4	Jonathan Gregson	November 18, 2020

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation