Unpatched Vulnerabilities in Fancy Product Designer and SonicWall Firmware
2025-01-09
Learn about the critical importance of timely patch management and how unpatched vulnerabilities can lead to severe security risks, providing an opportunity to highlight the need for robust security solutions.
The Fancy Product Designer WordPress plugin has two critical security vulnerabilities that remain unpatched, affecting over 20,000 users. These vulnerabilities allow unauthenticated arbitrary file uploads and SQL injection, leading to potential remote code execution and database compromise. Despite being informed of these issues in March 2024, the vendor has not addressed them in its updates. Meanwhile, SonicWall has issued a patch for a high-severity vulnerability in its SSL VPN and SSH management, urging immediate updates to prevent exploitation. The patch also addresses additional security issues, including a weak PRNG and an SSRF vulnerability.
Patch Management, Web App/Website Vulnerability, Privilege Escalation, Open Source
WordPress, Fancy Product Designer, SonicWall, CVE-2024-51919, CVE-2024-51818, SQL Injection, Remote Code Execution, SSL VPN
CVE-2024-51919; CVE-2024-51818; CVE-2024-53704; CVE-2024-40762; CVE-2024-53705; CVE-2024-53706
WordPress, WooCommerce, SonicWall, SSL VPN, SSH, SonicOS, AWS, Azure
Critical Vulnerabilities in Fancy Product Designer Plugin
The Fancy Product Designer plugin for WordPress, widely used for customizing products on WooCommerce sites, has two critical security vulnerabilities. Despite being reported to the vendor in March 2024, these flaws remain unpatched in the latest version, affecting over 20,000 users.
Unauthenticated Arbitrary File Upload
One of the vulnerabilities, identified as CVE-2024-51919, involves an unauthenticated arbitrary file upload issue. This flaw is due to insecure file upload functions, specifically save_remote_file and fpd_admin_copy_file, which do not properly validate or restrict file types. Attackers can exploit this by providing a remote URL to upload malicious files, potentially leading to remote code execution on the affected site.
Unauthenticated SQL Injection
The second vulnerability, CVE-2024-51818, is an unauthenticated SQL injection flaw. This issue arises from improper sanitization of user inputs, using insufficient methods like strip_tags. As a result, attackers can inject malicious input directly into database queries, which could compromise the database by allowing data retrieval, modification, or deletion.
Vendor Response and Recommendations
Despite the severity of these vulnerabilities, the vendor, Radykal, has not responded to notifications or addressed these issues in subsequent updates, including version 6.4.3, released two months ago. As a precaution, administrators are advised to create an allowed list of safe file extensions to prevent arbitrary file uploads and to sanitize user inputs properly to mitigate SQL injection risks.
SonicWall Urges Immediate Patching
Meanwhile, SonicWall has urged customers to update their firewalls' SonicOS firmware to address an authentication bypass vulnerability in SSL VPN and SSH management. This flaw, tracked as CVE-2024-53704, poses a high risk of exploitation. SonicWall released patches on January 6, 2025, and advises immediate installation.
Additional SonicWall Vulnerabilities
Other vulnerabilities addressed include a weak pseudo-random number generator (CVE-2024-40762) that could allow attackers to predict authentication tokens, a server-side request forgery (CVE-2024-53705) enabling arbitrary TCP connections, and a privilege escalation flaw in Gen7 SonicOS Cloud NSv (CVE-2024-53706) allowing code execution.
Mitigation Strategies
To mitigate these vulnerabilities, SonicWall recommends limiting SSL VPN access to trusted sources and restricting SSH management access, disabling access from the internet entirely where it is not needed.
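The two precautions recommended above for the plugin, an extension allowlist for uploads and proper input handling for database queries, are shown below as an added example. This is not the plugin's code and not Radykal's fix: it is stand-alone PHP with a PDO SQLite in-memory table, and the function names, the allowlist contents and the sample URLs and owner names are all constructed for the demonstration. It shows why strip_tags() alone does nothing against SQL injection and how a bound parameter (in WordPress, the same pattern via $wpdb->prepare()) closes the hole, alongside a strict file-name check for uploads that are named from a remote URL.

```php
<?php
// Added example, not code from the Fancy Product Designer plugin.
// Runs stand-alone with the PHP CLI and the pdo_sqlite extension.

/**
 * Allow an upload named from a remote URL only if its file name has
 * exactly one extension and that extension is on the allowlist.
 * Deliberately strict: "shell.php.png" and ".htaccess" are both rejected,
 * and the query string is ignored so "a.php?x=.png" is judged by "a.php".
 */
function upload_name_is_allowed(string $remoteUrl, array $allowedExtensions): bool
{
    $path = parse_url($remoteUrl, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        return false;                       // no path component at all
    }
    $parts = explode('.', basename($path));
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return false;                       // no extension, or more than one
    }
    return in_array(strtolower($parts[1]), $allowedExtensions, true);
}

/** strip_tags() only removes HTML/PHP tags; quotes and SQL keywords survive. */
function strip_tags_leaves_sql_intact(string $input): bool
{
    return strip_tags($input) === $input;
}

/** Constructed sample table: two product designs owned by two users. */
function setup_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE designs (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)');
    $db->exec("INSERT INTO designs (owner, title) VALUES ('alice', 'Mug A'), ('bob', 'Shirt B')");
    return $db;
}

/** Vulnerable pattern: "sanitize" with strip_tags(), then interpolate into SQL. */
function designs_for_owner_vulnerable(PDO $db, string $owner): array
{
    $owner = strip_tags($owner);
    $sql = "SELECT title FROM designs WHERE owner = '$owner'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Hardened pattern: the value is bound, never parsed as SQL. */
function designs_for_owner_safe(PDO $db, string $owner): array
{
    $stmt = $db->prepare('SELECT title FROM designs WHERE owner = ?');
    $stmt->execute([$owner]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Demonstration on constructed inputs.
$allowed = ['png', 'jpg', 'jpeg', 'svg'];
foreach ([
    'https://example.test/img/logo.png',
    'https://example.test/img/logo.PNG',
    'https://example.test/uploads/shell.php',
    'https://example.test/uploads/shell.php.png',
    'https://example.test/a.php?x=.png',
] as $url) {
    printf("%-48s %s\n", $url, upload_name_is_allowed($url, $allowed) ? 'allowed' : 'rejected');
}

$db = setup_db();
$tautology = "alice' OR '1'='1";           // classic textbook injection input
printf("strip_tags() changed the input: %s\n", strip_tags_leaves_sql_intact($tautology) ? 'no' : 'yes');
printf("vulnerable query rows: %d\n", count(designs_for_owner_vulnerable($db, $tautology)));
printf("prepared query rows:   %d\n", count(designs_for_owner_safe($db, $tautology)));
```

Run it with the PHP CLI. The interpolated query returns every design for the tautology input while the prepared one returns none, because the bound value is compared literally against the owner column. The single-extension rule in upload_name_is_allowed() is a deliberate trade-off: it also rejects legitimate names such as "my.photo.png", which is the safer failure when the upload path is reachable without authentication.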