Wordfence’s threat intelligence team discovered a critical file upload vulnerability in a WordPress plugin that’s being actively exploited in the wild to upload malware onto sites that have the plugin installed. The plugin, Fancy Product Designer, is a tool that enables businesses to offer customizable products, allowing customers to design any kind of item ranging from T-shirts to phone cases. The flaw has been acknowledged, but it’s yet to be addressed. The maintainers of the plugin have released an update to fix the vulnerability.
Source: https://thehackernews.com/2021/06/hackers-actively-exploiting-0-day-in.html