Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/12/16 8:20 a.m.3 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS5.7AI score0.00151EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 8:20 a.m.29 views

CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...

6.5CVSS0.00151EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.6 views

PT-2025-51468

The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpd custom uplod file AJAX action. The plugin validates the URL ...

6.5CVSS6AI score0.00151EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.5 views

WordPress plugin Fancy Product Designer 信息泄露漏洞

WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...

5.9CVSS6.2AI score0.0026EPSS
Exploits0References3
Rows per page
Query Builder