4 matches found
CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...
CVE-2025-13231 Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Server-Side Request Forgery via Race Condition
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpdcustomuplodfile AJAX action. The plugin validates the URL by...
PT-2025-51468
The Fancy Product Designer plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.4.8. This is due to a time-of-check/time-of-use TOCTOU race condition in the 'url' parameter of the fpd custom uplod file AJAX action. The plugin validates the URL ...
WordPress plugin Fancy Product Designer 信息泄露漏洞
WordPress Fancy Product Designer plugin is an e-commerce plugin designed for the WordPress platform, mainly used to implement the product online customization function. WordPress Fancy Product Designer plugin has an information disclosure vulnerability, the vulnerability stems from the url...