Attackers exploit zero-day flaw in popular WordPress plug-in

WordPress sites with the plug-in Fancybox-for-WordPress should apply a critical security update released Thursday that fixes a vulnerability already exploited by attackers.

Researchers from Web security firm Sucuri issued a warning about the vulnerability Wednesday after seeing attacks that injected a malicious iframe into websites.

They tracked down the problem to a flaw in Fancybox-for-WordPress, which allows webmasters to easily integrate the Fancybox JavaScript library into their WordPress sites. FancyBox is a tool for displaying images, HTML content and multimedia in a so-called “lightbox” that floats on top of Web pages.

Fancybox-for-WordPress has been downloaded almost 600,000 times from the official WordPress plug-in repository to date.

To read this article in full or to leave a comment, please click here

Story added 5. February 2015, content source with full text you can find at link above.

Attackers exploit zero-day flaw in popular WordPress plug-in

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts