Critical Security Update Needed for Fancybox-for-WordPress Users

Posted: February 10, 2015

Blog sites aren't immune to cyber attacks. A popular Wordpress plug-in was recently the focus of a possible attack. If you're a Fancybox-for-WordPress user, install the critical update and protect your blog.

Lucian Constantin, writer for PC World, shares information on a critical Wordpress plug-in security update.

Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers. Researchers from Web security firm Sucuri issued a warning about the vulnerability Wednesday after seeing attacks that injected a malicious iframe into websites. They tracked down the problem to a flaw in Fancybox-for-WordPress, which allows webmasters to easily integrate the Fancybox JavaScript library into their WordPress sites. FancyBox is a tool for displaying images, HTML content and multimedia in a so-called “lightbox” that floats on top of Web pages. Fancybox-for-WordPress has been downloaded almost 600,000 times from the official WordPress plug-in repository to date. Read the entire article Attackers Exploit Zero-Day Flaw in Popular WordPress Plug-in on PC World.