⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-24370

Severity: 9.8 CRITICAL
EPSS: 79.8% (top 0.90%)
CISA KEV: Not in KEV
Exploit: Exploited in wild (active exploitation observed)
Timeline
Published: Jun 21
Latest update: May 24

Description

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | unknown/fancy_product_designer | 4.6.9 | 4.6.9

🔴 Vulnerability Details (3)

GHSA: GHSA-x5g3-h6vq-mcw4: The Fancy Product Designer WordPress plugin before 4 | 2022-05-24
CVEList: Fancy Product Designer < 4.6.9 - Unauthenticated Arbitrary File Upload and RCE | 2021-06-21
VulnCheck: radykal fancy_product_designer Unrestricted Upload of File with Dangerous Type | 2021

💥 Exploits & PoCs (1)

Nuclei: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload

💬 Community (1)

Bugzilla: CVE-2020-24370 lua: segmentation fault in getlocal and setlocal functions in ldebug.c | 2020-08-19