Threat actors are scanning for websites running the Fancy Product Designer plugin to exploit a zero-day bug allowing them to upload malware.
Fancy Product Designer is a visual product configurator plugin for WordPress, WooCommerce, and Shopify, and it allows customers to customize products using their own graphics and content.
According to sales statistics for the plugin, Fancy Product Designer has been purchased and installed on more than 17,000 websites.
Zero-day also affects WooCommerce sites
Zero-days are publicly disclosed vulnerabilities vendors have not patched, which, in some cases, are also actively exploited in the wild or have publicly available proof-of-concept exploits.
“The WordPress version of the plugin is the one used in WooCommerce installations as well and is vulnerable,” threat analyst Ram Gall told BleepingComputer.
As for the plugin’s Shopify version, attacks would likely be blocked, given that Shopify uses stricter access controls for sites hosted and running on its platform.
Vulnerable sites exposed to full takeover
Attackers who successfully exploit the Fancy Product Designer bug can bypass the built-in checks that block malicious file uploads and deploy executable PHP files on sites where the plugin is installed.
This allows the threat actors to completely take over vulnerable sites following remote code execution attacks.
“Due to this vulnerability being actively attacked, we are publicly disclosing with minimal details even though it has not yet been patched in order to alert the community to take precautions to keep their sites safe,” Gall said.
While the vulnerability has only been exploited on a small scale, the attacks targeting the thousands of websites running the Fancy Product Designer plugin started more than two weeks ago, on May 16, 2021.
Since the vulnerability is under active exploitation and was rated as critical severity, customers are advised to uninstall the plugin until a patched release is available.
Indicators of compromise, including IP addresses used to launch these ongoing attacks, are available at the end of Wordfence’s report.
The Fancy Product Designer development team did not respond to BleepingComputer’s request for comment before the article was published.