NotFound Fancy Product Designer Unauthenticated Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing unrestricted upload of files with dangerous types has been identified in the NotFound Fancy Product Designer WordPress plugin, affecting versions through 6.4.3. This arbitrary file upload vulnerability could enable a malicious actor to upload any type of file, including potentially harmful files like backdoors, which could be executed to gain further access to the website.

Impact

Exploiting this vulnerability lets an attacker upload malicious files that could then be executed on the server, potentially leading to a full compromise of the website.

Remediation

Users of the NotFound Fancy Product Designer WordPress plugin should update to version 6.4.4 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.