Vulnerability-Lookup

CNVD-2025-31115

Vulnerability from cnvd - Published: 2025-12-23

Title

WordPress Fancy Product Designer plugin信息泄露漏洞

Description

WordPress Fancy Product Designer plugin是一款专为WordPress平台设计的电子商务插件，主要用于实现产品在线定制功能。 WordPress Fancy Product Designer plugin存在信息泄露漏洞，该漏洞源于fpd_custom_uplod_file AJAX操作中的url参数对用户提供的输入验证不足，攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

WordPress Fancy Product Designer plugin信息泄露漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级程序修复该安全问题，详情见厂商官网: https://wordpress.org/plugins/

Reference

https://support.fancyproductdesigner.com/support/discussions/topics/13000036024

Impacted products

Name
WordPress Fancy Product Designer plugin <=6.4.8

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-13439",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-13439"
    }
  },
  "description": "WordPress Fancy Product Designer plugin\u662f\u4e00\u6b3e\u4e13\u4e3aWordPress\u5e73\u53f0\u8bbe\u8ba1\u7684\u7535\u5b50\u5546\u52a1\u63d2\u4ef6\uff0c\u4e3b\u8981\u7528\u4e8e\u5b9e\u73b0\u4ea7\u54c1\u5728\u7ebf\u5b9a\u5236\u529f\u80fd\u3002\n\nWordPress Fancy Product Designer plugin\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8efpd_custom_uplod_file AJAX\u64cd\u4f5c\u4e2d\u7684url\u53c2\u6570\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51:\r\nhttps://wordpress.org/plugins/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-31115",
  "openTime": "2025-12-23",
  "patchDescription": "WordPress Fancy Product Designer plugin\u662f\u4e00\u6b3e\u4e13\u4e3aWordPress\u5e73\u53f0\u8bbe\u8ba1\u7684\u7535\u5b50\u5546\u52a1\u63d2\u4ef6\uff0c\u4e3b\u8981\u7528\u4e8e\u5b9e\u73b0\u4ea7\u54c1\u5728\u7ebf\u5b9a\u5236\u529f\u80fd\u3002\r\n\r\nWordPress Fancy Product Designer plugin\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8efpd_custom_uplod_file AJAX\u64cd\u4f5c\u4e2d\u7684url\u53c2\u6570\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "WordPress Fancy Product Designer plugin\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "WordPress Fancy Product Designer plugin \u003c=6.4.8"
  },
  "referenceLink": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024",
  "serverity": "\u4e2d",
  "submitTime": "2025-12-22",
  "title": "WordPress Fancy Product Designer plugin\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2025-13439 (GCVE-0-2025-13439)

Vulnerability from cvelistv5 – Published: 2025-12-16 07:21 – Updated: 2025-12-16 21:33

Title

Fancy Product Designer | WooCommerce WordPress <= 6.4.8 - Unauthenticated Information Disclosure via 'url' Parameter

Summary

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpd_custom_uplod_file AJAX action, which flows directly into the getimagesize() function without sanitization. While direct exploitation via PHP filter chains is blocked on PHP 8+ due to a separate code bug in the plugin, the vulnerability can be exploited via a TOCTOU race condition (CVE-2025-13231) also present in the same plugin, or may be directly exploitable on PHP 7.x installations. This makes it possible for unauthenticated attackers to read arbitrary sensitive files from the server, including wp-config.php.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

Wordfence

References

URL

Tags

	https://www.wordfence.com/threat-intel/vulnerabil…
	https://support.fancyproductdesigner.com/support/…

Impacted products

	Vendor	Product	Version
	radykal	Fancy Product Designer	Affected: * , ≤ 6.4.8 (semver)

Credits

Muhammad Zeeshan

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-13439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T21:33:39.485822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T21:33:47.996Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Fancy Product Designer",
          "vendor": "radykal",
          "versions": [
            {
              "lessThanOrEqual": "6.4.8",
              "status": "affected",
              "version": "*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Muhammad Zeeshan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the \u0027url\u0027 parameter of the fpd_custom_uplod_file AJAX action, which flows directly into the getimagesize() function without sanitization. While direct exploitation via PHP filter chains is blocked on PHP 8+ due to a separate code bug in the plugin, the vulnerability can be exploited via a TOCTOU race condition (CVE-2025-13231) also present in the same plugin, or may be directly exploitable on PHP 7.x installations. This makes it possible for unauthenticated attackers to read arbitrary sensitive files from the server, including wp-config.php."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T07:21:05.706Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4fd6df9d-2963-44b1-bc4e-e53eda97a2a9?source=cve"
        },
        {
          "url": "https://support.fancyproductdesigner.com/support/discussions/topics/13000036024"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-11-19T19:20:26.000+00:00",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2025-12-15T00:00:00.000+00:00",
          "value": "Disclosed"
        }
      ],
      "title": "Fancy Product Designer | WooCommerce WordPress \u003c= 6.4.8 - Unauthenticated Information Disclosure via \u0027url\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2025-13439",
    "datePublished": "2025-12-16T07:21:05.706Z",
    "dateReserved": "2025-11-19T19:03:47.252Z",
    "dateUpdated": "2025-12-16T21:33:47.996Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-31115

CVE-2025-13439 (GCVE-0-2025-13439)

Tags

Sightings

Nomenclature