Radykal Fancy_product_designer

9 CVEs affecting Radykal Fancy_product_designer. Latest disclosed: 2024-05-06. Critical: 1, High: 3.

Top CVEs affecting Radykal Fancy_product_designer
CVESeverityScorePublishedSummary
CVE-2021-24370Critical9.82021-06-21The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.
CVE-2021-4334High8.82023-10-20The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_…
CVE-2021-4096High8.82022-04-19The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers…
CVE-2021-4134High7.22022-02-16The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the ~…
CVE-2024-0365Medium6.52024-03-18The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL…
CVE-2024-0905Medium6.32024-04-26The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected…
CVE-2021-4335Medium6.32023-10-20The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability ch…
CVE-2024-0904Medium5.92024-05-06The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as adm…
CVE-2024-0902Medium4.82024-04-15The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as adm…