This entry was posted in WordPress Security on February 5, 2015 by Mark Maunder

A serious vulnerability has been discovered in the FancyBox plugin for WordPress. Please upgrade immediately to FancyBox 3.0.4 and monitor your site for infections. Also upgrade immediately if you see any further releases from FancyBox because the issue may need further patching.

The issue emerged yesterday on the WordPress forums and was investigated by our colleagues in infosec at Sucuri. Through some excellent work, Daniel Cid and his team identified what appears to be a zero day in the FancyBox plugin.

Update FancyBox for WordPress immediately, monitor your site, and watch the FancyBox plugin for further releases.