Fancy SVG Vulnerability

HIGH (7.2)

Threat Intelligence

Low Risk
EPSS Score: 0.07% chance of exploitation (percentile: 23%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

Fancy Product Designer is a WordPress plugin for building product designs and layouts. Its data-to-image.php and pdf-to-image.php files do not sufficiently sanitize input or escape output, so an attacker who can upload an SVG file through the plugin can embed script in it, and that script runs in the browser of any user who later accesses the file (a stored cross-site scripting issue). SVG is XML and can carry script elements and event-handler attributes, so an uploaded SVG rendered inline from the site's own origin executes with that origin's privileges.

Am I affected?

You're affected if you use Fancy Product Designer. The advisory does not state an affected version range; the fix below directs updating to 6.4.9 or later, so treat any installation running an earlier version as affected.

Affected Products

Fancy Product Designer / Fancy Product Designer plugin

How to fix

To fix this vulnerability:

  1. Immediately update to Fancy Product Designer version 6.4.9 or later from the WordPress Plugin Directory (https://wordpress.org/plugins/fancy-product-designer/) or your preferred package manager.
  2. If an immediate update isn't possible, restrict network access to your WordPress installation so that only trusted users can reach the plugin's upload functionality, review SVG files already uploaded through the plugin for embedded script elements, event-handler attributes and javascript: URLs, and monitor new SVG uploads for the same.
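
As an added check for the review step above (example code, not code from Fancy Product Designer or from the advisory), the following Python scans an SVG file for the constructs that carry script in SVG and can strip them from a copy. The two sample files, the 2 MB size cap and the set of heuristics are assumptions made for the demonstration.

```python
"""Scan uploaded SVG files for script-bearing content and strip it.

Added example for this advisory; it is not code from Fancy Product Designer
or from the advisory itself.  The heuristics cover the usual XSS carriers in
SVG: <script>, <foreignObject> (embeds arbitrary HTML), on* event-handler
attributes, javascript: URLs in href/xlink:href, and SMIL <set>/<animate>
elements that retarget an event handler or href.  The sample inputs below
are constructed for the demo, not real uploads.
"""
import re
import xml.etree.ElementTree as ET
from typing import List, Optional

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
MAX_BYTES = 2 * 1024 * 1024  # assumed upload cap; parse only bounded input

BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">
  <circle cx="50" cy="50" r="40" fill="red"/>
</svg>"""

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(document.domain)</script>
  <rect width="10" height="10" onload="alert(1)"/>
  <a xlink:href="java&#x9;script:alert(2)"><text>click</text></a>
  <foreignObject><div xmlns="http://www.w3.org/1999/xhtml">html</div></foreignObject>
  <set attributeName="onmouseover" to="alert(3)"/>
</svg>"""


def _local(qname: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag/attribute names."""
    return qname.rsplit("}", 1)[-1].lower()


def _is_js_url(value: str) -> bool:
    # Browsers drop tab/newline anywhere in a URL and trim leading controls, so
    # "java\tscript:" still runs; normalise the same way before checking.  XML
    # character references such as &#106;avascript: are already decoded by
    # the parser, so they need no special handling here.
    return re.sub(r"[\s\x00-\x1f]", "", value).lower().startswith("javascript:")


def _element_reason(el) -> Optional[str]:
    name = _local(el.tag)
    if name == "script":
        return "<script> element"
    if name == "foreignobject":
        return "<foreignObject> element"
    if name in ("set", "animate"):
        target = el.attrib.get("attributeName", "").lower()
        if target.startswith("on") or target.endswith("href"):
            return f"SMIL <{name}> retargeting {target}"
    return None


def _attribute_reason(el, attr: str, value: str) -> Optional[str]:
    aname = _local(attr)
    if aname.startswith("on"):
        return f"event handler {aname} on <{_local(el.tag)}>"
    if aname == "href" and _is_js_url(value):
        return f"javascript: URL in {aname} on <{_local(el.tag)}>"
    return None


def scan_svg(data: bytes) -> List[str]:
    """Return a list of findings for an SVG upload; empty means nothing flagged.

    Anything that fails to parse is reported too: an upload that is not
    well-formed XML has no business being served as image/svg+xml.
    """
    if len(data) > MAX_BYTES:
        return ["oversized upload"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for el in root.iter():
        reason = _element_reason(el)
        if reason:
            findings.append(reason)
        for attr, value in el.attrib.items():
            reason = _attribute_reason(el, attr, value)
            if reason:
                findings.append(reason)
    return findings


def strip_active_content(data: bytes) -> bytes:
    """Return a copy of the SVG with the flagged elements and attributes removed.

    Prefer rejecting the upload; use this only where a cleaned file is needed.
    """
    root = ET.fromstring(data)
    for parent in list(root.iter()):  # snapshot: the tree is mutated while walking
        for child in list(parent):
            if _element_reason(child):
                parent.remove(child)
        for attr in list(parent.attrib):
            if _attribute_reason(parent, attr, parent.attrib[attr]):
                del parent.attrib[attr]
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="utf-8")


if __name__ == "__main__":
    print("benign:", scan_svg(BENIGN_SVG))
    print("malicious:", scan_svg(MALICIOUS_SVG))
    cleaned = strip_active_content(MALICIOUS_SVG)
    print("after strip:", scan_svg(cleaned))
    print(cleaned.decode())
```

Run scan_svg over every file in the plugin's upload directory when reviewing existing uploads, and treat any non-empty result as a file to quarantine. The heuristics are a triage aid rather than a complete sanitizer, so reject flagged files outright rather than serving the stripped copy wherever you can; and where the site does not need uploaded SVGs rendered inline, serving them with a Content-Disposition: attachment header stops browsers from executing them in the site's origin at all.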