WordPress FancyProductDesigner plugin versions prior to 3.4.2 suffer from a persistent cross site scripting vulnerability due to improper sanitization, allowing malicious .svg file uploads.
e06356cf348ec440bf9bde069022db59898d3360eefbd1156c6c4aaf4c07d21c