A critical zero-day vulnerability has been discovered in a WordPress plugin named ‘FancyBox for WordPress’, which is used by thousands of websites and blogs running on WordPress, the most popular blogging platform.
Web security researchers at Sucuri issued a warning on Wednesday about the zero-day vulnerability, which is being “actively exploited in the wild” by hackers to infect as many victims as possible.
More than 70 million websites on the Internet currently run the WordPress content management system, and over half a million of them use the ‘FancyBox for WordPress’ plugin, making it one of the most popular WordPress plugins for displaying images, HTML content and multimedia in a so-called “lightbox” that floats on top of web pages.
The critical vulnerability allows cyber criminals to inject a malicious iframe (or any arbitrary script or content) into vulnerable websites; the injected iframe generally redirects victims to a ‘203koko’ website.
“All the infections had a similar malicious iframe from ‘203koko’ injected into the website,” Daniel Cid, founder and chief technology officer of Sucuri who discovered the vulnerability, wrote in an advisory. “In analysing the infected websites, we found that all the websites were using the FancyBox for WordPress plugin.”
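The infected sites shared one tell-tale sign: an iframe pointing at a host the site owner never added. The following check, written for this article and not taken from Sucuri's advisory or the plugin, scans a page's rendered HTML for iframes whose host is neither the site itself nor on an explicit allowlist; the sample page, the site host `blog.example` and the host `203koko.invalid` are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collects the src attribute of every <iframe> in a page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value.strip())


def find_untrusted_iframes(page_html, site_host, allowed_hosts=()):
    """Return iframes whose host is neither the site nor on the allowlist.

    Relative srcs (no host) are same-origin and are not flagged.
    """
    collector = IframeCollector()
    collector.feed(page_html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    flagged = []
    for src in collector.srcs:
        host = (urlparse(src).hostname or "").lower()
        if host and not any(host == t or host.endswith("." + t) for t in trusted):
            flagged.append({"src": src, "host": host})
    return flagged


# Constructed sample page (not a real capture): a legitimate embed, a relative
# iframe, and an injected hidden iframe whose host is a placeholder standing
# in for the '203koko' indicator named in the article.
SAMPLE_PAGE = """<html><body>
<iframe src="https://www.youtube.com/embed/abc123" width="560"></iframe>
<iframe src="/wp-content/uploads/map.html"></iframe>
<iframe src="http://203koko.invalid/in.php" style="display:none" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for hit in find_untrusted_iframes(SAMPLE_PAGE, "blog.example", ["youtube.com"]):
        print("untrusted iframe:", hit["src"], "host:", hit["host"])
```

Run it against the saved HTML of a site's front page and a few posts; a hit on an unexpected host is a reason to inspect the plugin's stored settings, since updating alone does not remove injected content.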
The FancyBox for WordPress plugin has since been temporarily removed from the WordPress Plugins Directory, and the researchers advised users and WordPress developers to remove the plugin, as it had not been updated for two years and posed a security threat to users.
The developers of the plugin released two new versions of the plugin on Thursday to fix the critical zero-day flaw. Version 3.0.3 addresses the actual flaw, while version 3.0.4, released late yesterday by José Pardilla, renames the plugin setting where the issue originated.
According to the plugin's changelog, the latest updates stop the malicious code from appearing on websites where the plugin is updated, but they do not remove the injected code itself. Website administrators who have the FancyBox for WordPress plugin installed are advised to update the plugin immediately.