4 matches found
CVE-2021-4134
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...
CVE-2021-4134
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...
CVE-2021-4134 Fancy Product Designer <= 4.7.4 Admin+ SQL Injection
The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensiti...
CVE-2021-4134
CVE-2021-4134 relates to the Fancy Product Designer WordPress plugin. The vulnerability is a SQL injection caused by insufficient escaping/parameterization of the ID parameter in the file ~/inc/api/class-view.php, affecting versions up to and including 4.7.4. The issue is exploitable by attackers...