WordPress · Fancy Product Designer · CVE-2025-12570
**Name of the Vulnerable Software and Affected Versions**
The Fancy Product Designer plugin for WordPress versions prior to 6.4.9
**Description**
The software is susceptible to Stored Cross-Site Scripting through SVG file uploads. Insufficient input sanitization and output escaping in the `data-to-image.php` and `pdf-to-image.php` files allow unauthenticated attackers to inject arbitrary web scripts. These scripts execute when a user accesses the SVG file.
**Recommendations**
Update the Fancy Product Designer plugin to version 6.4.9 or later.