The plugin is vulnerable to Cross-Site Request Forgery via the FPD_Admin_Import class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack
CPE | Name | Operator | Version |
---|---|---|---|
fancy-product-designer | lt | 4.7.6 |