all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2021-4334 (fancy_product_designer)

Add to bookmarks
Oct. 20, 2023, 8:15 a.m. |

National Vulnerability Database web.nvd.nist.gov

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.

attackers check cve default designer escalation fancy product designer function missing modification options permissions plugin privilege privilege escalation product role vulnerable wordpress

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr. Cloud Security Engineer

@ BLOCKCHAINS | USA - Remote
View on infosec-jobs.com

Network Security (SDWAN: Velocloud) Infrastructure Lead

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com

Senior Python Engineer, Cloud Security

@ Darktrace | Cambridge
View on infosec-jobs.com

Senior Security Consultant

@ Nokia | United States
View on infosec-jobs.com

Manager, Threat Operations

@ Ivanti | United States, Remote
View on infosec-jobs.com

Lead Cybersecurity Architect - Threat Modeling | AWS Cloud Security

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com
View more jobs