Radykal Fancy Product Designer — known CVE vulnerabilities
Every CVE whose affected-product data names Radykal Fancy Product Designer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-24370 — CVSS 9.8 (critical): The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote…
CVE-2021-4334 — CVSS 8.8 (high): The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability…
CVE-2021-4096 — CVSS 8.8 (high): The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it…
CVE-2021-4134 — CVSS 7.2 (high): The Fancy Product Designer WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the ID…
CVE-2024-0365 — CVSS 6.5 (medium): The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL…
CVE-2024-0905 — CVSS 6.3 (medium): The Fancy Product Designer WordPress plugin before 6.1.8 does not sanitise and escape a parameter before outputting it back in the page…
CVE-2021-4335 — CVSS 6.3 (medium): The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a…
CVE-2024-0904 — CVSS 5.9 (medium): The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high…
CVE-2024-0902 — CVSS 4.8 (medium): The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high…