Thousands of WordPress sites affected by zero-day exploit

More than half-a-million WordPress users of a Fancybox plugin may be affected, security researchers say, though the exact figure is unknown.

Thousands of websites are at risk of being exploited by a previously undisclosed vulnerability in a WordPress plugin, which researchers say could be used to inject malicious code into websites.

The flaw exists in Fancybox, a popular image-displaying tool. Sucuri researchers say it allows malware or any other script to be added to a vulnerable site.

"We can confirm that this plugin has a serious vulnerability," the researchers wrote. "It's being actively exploited in the wild, leading to many compromised websites."

WordPress, which comes in two main flavors -- a hosted version and a downloadable self-hosting version -- has already removed the plugin from its repository. But researchers warn that with more than half-a-million users of the plugin at risk, users should remove the plugin from their own sites.

It's not clear, however, how many websites are being actively exploited through the flaw.

WordPress remains one of the most popular blogging platforms on the web. It's used by more than 23 percent of the top 10 million websites, recent statistics show.
