Are you one of those who fancy using WordPress plugins? Or are you using the Fancy Product Designer plugin?  If yes, then you might be in trouble…

Fancy Product Designer, a WordPress plugin is one of the best visual product configurator plugins for WordPress, Shopify, and WooCommerce. It is famous for creating a unique page design and customizing products, using its own graphics and content. 

However, today we are not here to talk about the capabilities of this plugin or the features. Rather, we will be talking about how hackers are exploiting a zero-day vulnerability in the Fancy Product Designer plugin to upload malware onto sites that have the plugin installed.

Take a Moment to Stay Tuned Forever

Subscribe to get weekly cyber security updates!


According to a report from The Hacker News, there are more than 17,000 websites that have installed the WordPress plugin.

The content management system provider found the vulnerability on May 31 and is believed to have contacted the plugin’s developer on the same day.

Hackers to Takeover

The experts noted that the cyber criminals who successfully exploit the plugin bug will be able to take over the vulnerable sites completely by following remote code execution attacks. 

This attacker appears to be targeting e-commerce sites and attempting to extract order information from site databases.” threat analyst Ram Gall said.

As this order information contains personally identifiable information from customers, site owners are in a particularly difficult position if they are still running vulnerable versions of this plugin as it risks the e-commerce merchant’s PCI-DSS compliance.

“This effectively makes it possible for any attacker to achieve Remote Code Execution on an impacted site, allowing full site takeover.” Gall added.

Security Patches

It is a critical severity since cyber criminals are exploiting the vulnerabilities. Therefore, users are advised to install the Fancy Product Designer 4.6.9 patched version that was released on June 2 immediately. Which you should be able to by visiting the product page at

Turn Your Employees Into A Cyber Threat Shield

Make your employees proactive against prevailing cyber attacks with ThreatCop!

About The Author

Leave a comment

Your email address will not be published. Required fields are marked *