Unpatched critical flaws impact Fancy Product Designer WordPress plugin

Summary: The Fancy Product Designer plugin for WordPress by Radykal has two critical vulnerabilities that remain unpatched, posing significant risks to users. These flaws allow for unauthenticated arbitrary file uploads and SQL injection attacks, which could lead to remote code execution and database compromise.

Threat Actor: Unknown
Victim: Radykal

Key Points:

  • Two critical vulnerabilities identified: CVE-2024-51919 (arbitrary file upload) and CVE-2024-51818 (SQL injection).
  • Despite notification from Patchstack, Radykal has not responded or released a fix.
  • Patchstack advises users to implement security measures to mitigate risks associated with these vulnerabilities.

Source: https://www.bleepingcomputer.com/news/security/unpatched-critical-flaws-impact-fancy-product-designer-wordpress-plugin/

