4 matches found
WordPress Product Designer Plugin <= 1.0.35 is vulnerable to Cross Site Scripting (XSS)
Software: Product Designer; Type: Plugin; Vulnerable versions: <= 1.0.35; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-9111; Patch priority: Low; CVSS severity: Low (5.9); PSID: 972d8d8742f9; Credits: Francesco Carlucci...
CVE-2024-31277 WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer. This issue affects Product Designer: from n/a through 1.0.32...
Cross-Site Request Forgery (CSRF)
The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...
Fancy Product Designer < 4.7.5 - Admin+ SQL Injection
The plugin is vulnerable to SQL Injection due to insufficient escaping and validation of the ID parameter found in the /inc/api/class-view.php file which allows attackers with administrative level permissions to inject arbitrary SQL queries to obtain sensitive information...