
Thousands of WordPress sites affected by zero-day exploit

More than half-a-million WordPress users of a Fancybox plugin may be affected, security researchers say, though the exact figure is unknown.
Written by Zack Whittaker on

Thousands of websites are at risk of being exploited by a previously undisclosed vulnerability in a WordPress plugin, which researchers say could be used to inject malicious code into websites.

The flaw exists in Fancybox, a popular image displaying tool, through which Sucuri researchers say malware or any other script can be added to a vulnerable site.

"We can confirm that this plugin has a serious vulnerability," the researchers wrote. "It's being actively exploited in the wild, leading to many compromised websites."

WordPress, which comes in two main flavors -- a hosted version and a downloadable self-hosting version -- has already removed the plugin from its repository. But researchers warn that with more than half-a-million users of the plugin at risk, users should remove the plugin from their own sites.

It's not clear how many websites are being actively exploited by the flaw, however.

WordPress remains one of the most popular blogging platforms on the web. It's used by more than 23 percent of the top 10 million websites, recent statistics show.
