{"id":41189,"date":"2021-06-02T17:42:00","date_gmt":"2021-06-02T17:42:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/d\/d-id\/1341186"},"modified":"2021-06-02T17:42:00","modified_gmt":"2021-06-02T17:42:00","slug":"critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/","title":{"rendered":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in"},"content":{"rendered":"
<\/div>\n
<\/header>\n

The plug-in under active attack has been installed on more than 17,000 websites, say researchers.<\/span><\/p>\n

A recently discovered critical file upload vulnerability is being actively exploited in Fancy Product Designer, a WordPress plug-in installed on more than 17,000 websites.<\/p>\n

Researchers from Wordfence, which develops security solutions to protect WordPress, says it found the vulnerability on Monday. The Wordfence Intelligence Team contacted the plug-in’s developer the same day and received a response within 24 hours. <\/p>\n

While the Wordfence firewall’s built-in file upload protection blocks most attacks targeting this vulnerability, the team found a bypass is possible in some configurations. Wordfence released a new firewall rule to premium customers on Monday, though websites running the free version of Wordfence will receive the rule after 30 days, on June 30.<\/p>\n

“As this is a Critical 0-day under active attack and is exploitable in some configurations even if the plugin has been deactivated, we urge anyone using this plugin to completely uninstall Fancy Product Designer, if possible, until a patched version is available,” Wordfence says in a statement.<\/p>\n

Wordfence says research finds the vulnerability is likely not being targeted on a large scale but has been exploited since at least May 16, 2021.<\/p>\n

More details are available here<\/a>.<\/p>\n

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio<\/a><\/span><\/p>\n

Recommended Reading:<\/strong><\/p>\n

More Insights<\/span><\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The plug-in under active attack has been installed on more than 17,000 websites, say researchers. Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-41189","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nCritical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-06-02T17:42:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in\",\"datePublished\":\"2021-06-02T17:42:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\"},\"wordCount\":262,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\",\"name\":\"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-06-02T17:42:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage\",\"url\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/","og_locale":"en_US","og_type":"article","og_title":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-06-02T17:42:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in","datePublished":"2021-06-02T17:42:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/"},"wordCount":262,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/","url":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/","name":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","datePublished":"2021-06-02T17:42:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/critical-zero-day-discovered-in-fancy-product-designer-wordpress-plug-in\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Zero-Day Discovered in Fancy Product Designer WordPress Plug-in"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41189","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=41189"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/41189\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=41189"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=41189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=41189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}