Tuesday, February 10, 2015

0-day in the Fancybox-for-WordPress Plugin

WordPress - the most popular open-source blogging tool and a content management system (CMS) is under attacked by hackers that targets Fancybox plugin used in WordPress. Security researchers from Sucuri issued an alert regarding the affected plugin that allows attackers to inject a malformed iframe into websites. FancyBox is used for exhibit images, HTML content and multimedia that mounts on top of Web pages. It is one of the most widely used WordPress plugins - around 600,000 times has been downloaded from the official website. According to Sucuri researchers, it's a high risk vulnerability that allows malware to be loaded on the affected website that uses that out-dated plugin. It is in user's interest to apply the security update on earliest basis. <more>

No comments: