What is CVE-2021-24370?

CVE-2021-24370 is a vulnerability in Fancy Product Designer, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-06-21.

Is CVE-2021-24370 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Arbitrary file upload in Fancy Product Designer

CVE-2021-24370

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.

Vulnerability class: Unrestricted File Upload

EPSS: 0.798 (99.1th percentile) — read the EPSS interpretation.

Affected products

Unknown Fancy Product Designer — versions 4.6.9

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-a…
lists.openwall.net/full-disclosure/2020/11/17/2
seclists.org/fulldisclosure/2020/Nov/30
www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fanc…

Frequently asked questions

What is CVE-2021-24370?: CVE-2021-24370 is a vulnerability in Fancy Product Designer, classified under Unrestricted Upload of File with Dangerous Type. Published 2021-06-21.
Is CVE-2021-24370 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.