Zero-day in the Fancybox-for-WordPress Plugin


Zero-day in the Fancybox-for-WordPress Plugin fancybox-for-wordpress plugin is a popular WordPress plugin with more than 550,000 downloads. There doesn’t appear to be any public vulnerabilities being reported, which piqued our interest. To understand how it was connected, we decided to do our own code / vulnerability review.

After some analysis, we can confirm that this plugin has a serious vulnerability that allows for malware (or any random script/content) to be added to the vulnerable site. Because it is currently unpatched, we will not disclose more information.

What makes things worse, is that it’s being actively exploited in the wild, leading to many compromised websites. Read more…

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *