Exploit for WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload (CVE-2021-24370)

Description:

The WordPress Fancy Product Designer plugin before 4.6.9 is vulnerable to arbitrary file upload. Without authenticating, an attacker can upload malicious files and execute code on the server, modify data, and/or gain full control of the compromised system.

Nuclei Template

View the template here CVE-2021-24370.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-24370.yaml

References:

https://www.secpod.com/blog/critical-zero-day-flaw-actively-exploited-in-wordpress-fancy-product-designer-plugin/
https://wpscan.com/vulnerability/82c52461-1fdc-41e4-9f51-f9dd84962b38
https://nvd.nist.gov/vuln/detail/CVE-2021-24370
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
https://seclists.org/fulldisclosure/2020/Nov/30