The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.
More Stories
python3.6-3.6.15-43.fc43
FEDORA-2025-e0b960f5d0 Packages in this update: python3.6-3.6.15-43.fc43 Update description: Automatic update for python3.6-3.6.15-43.fc43. Changelog * Fri Feb 14 2025 Charalampos Stratakis...
python3.6-3.6.15-43.fc40
FEDORA-2025-e60e30944c Packages in this update: python3.6-3.6.15-43.fc40 Update description: Security fix CVE-2025-0938 Read More
python3.6-3.6.15-43.fc41
FEDORA-2025-59cbb4663d Packages in this update: python3.6-3.6.15-43.fc41 Update description: Security fix CVE-2025-0938 Read More
python3.6-3.6.15-43.fc42
FEDORA-2025-f1971ff110 Packages in this update: python3.6-3.6.15-43.fc42 Update description: Security fix CVE-2025-0938 Read More
USN-7275-1: Libtasn1 vulnerability
Bing Shi discovered that Libtasn1 inefficiently handled certificates. An attacker could possibly use this issue to increase resource utilization leading...
kernel-6.12.15-200.fc41
FEDORA-2025-cca2fcc70c Packages in this update: kernel-6.12.15-200.fc41 Update description: The 6.12.15 stable kernel update contains a number of important fixes across...