CVE-2021-4334 - OpenCVE

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Radykal	Fancy Product Designer

Configuration 1 [-]

cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://support.fancyproductdesigner.com/support/discussions/topics/13000029981
https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve

History

No history.

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2023-10-20T07:29:38.814Z

Updated: 2024-09-11T15:54:26.437Z

Reserved: 2023-04-05T18:21:59.693Z

Link: CVE-2021-4334

Vulnrichment

Updated: 2024-08-03T17:23:10.547Z

NVD

Status : Modified

Published: 2023-10-20T08:15:11.560

Modified: 2023-11-07T03:40:43.277

Link: CVE-2021-4334

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2021-4334", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2023-04-05T18:21:59.693Z", "datePublished": "2023-10-20T07:29:38.814Z", "dateUpdated": "2024-09-11T15:54:26.437Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T07:29:38.814Z"}, "affected": [{"vendor": "Unknown", "product": "Fancy Product Designer", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "4.6.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation."}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve"}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ramuel Gall"}], "timeline": [{"time": "2021-06-09T00:00:00.000+00:00", "lang": "en", "value": "Vendor Notified"}, {"time": "2023-04-05T00:00:00.000+00:00", "lang": "en", "value": "Disclosed"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.547Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve", "tags": ["x_transferred"]}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-11T15:23:45.749966Z", "id": "CVE-2021-4334", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T15:54:26.437Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve", "tags": ["x_transferred"]}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T17:23:10.547Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-4334", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-11T15:23:45.749966Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-11T15:54:21.440Z"}}], "cna": {"credits": [{"lang": "en", "type": "finder", "value": "Ramuel Gall"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Unknown", "product": "Fancy Product Designer", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.6.9"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2021-06-09T00:00:00.000+00:00", "value": "Vendor Notified"}, {"lang": "en", "time": "2023-04-05T00:00:00.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve"}, {"url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981"}], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-285 Improper Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2023-10-20T07:29:38.814Z"}}}, "cveMetadata": {"cveId": "CVE-2021-4334", "state": "PUBLISHED", "dateUpdated": "2024-09-11T15:54:26.437Z", "dateReserved": "2023-04-05T18:21:59.693Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2023-10-20T07:29:38.814Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radykal:fancy_product_designer:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "71A93E72-A3FE-4AFC-96EB-88362E89A093", "versionEndExcluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation."}, {"lang": "es", "value": "El complemento Fancy Product Designer para WordPress es vulnerable a modificaciones no autorizadas de las opciones del sitio debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n fpd_update_options en versiones hasta la 4.6.9 incluida. Esto hace posible que los atacantes autenticados con permisos a nivel de suscriptor modifiquen las opciones del sitio, incluida la configuraci\u00f3n del rol predeterminado de administrador, lo que puede permitir la escalada de privilegios."}], "id": "CVE-2021-4334", "lastModified": "2023-11-07T03:40:43.277", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2023-10-20T08:15:11.560", "references": [{"source": "security@wordfence.com", "tags": ["Release Notes"], "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000029981"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ea097cb7-85f4-4b6d-9f29-bc2636993f21?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}