Fancy Product Designer for WooCommerce – Stored XSS via SVG upload

Posted by Jonathan Gregson via Fulldisclosure on Nov 17

## About Fancy Product Designer for WooCommerce
Fancy Product Designer for WooCommerce is a WordPress plugin which allows users to design custom products in a vendor’s
WooCommerce store. It is sold through the third-party marketplace “Envato Market” and boasts over 15,000 sales.

## Stored XSS via SVG upload
Fancy Product Designer for WooCommerce before version 4.5.1 permits the upload of unsanitized SVG files by
unauthenticated…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source