CVE-2024-0365

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
18/03/2024
Last modified:
05/05/2025

Description

The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:* 6.1.5 (excluding)