Vulnerability Found In WordPress FancyBox


A vulnerability has been found in the WordPress plugin FancyBox. It has been exploited, and it makes affected websites redirect visitors to a malicious URL.

Exploitation of the vulnerability injects the following script into the site.

// CDATA[*/if(navigator.userAgent.match(/msie/i)){document.write('

');} // ]]>

It will then redirect all users to the domain in the code. The original URL has been stripped from the code above to prevent unauthorized clicks to the infected website. Issues like this are becoming more and more common because a growing number of plugins in the WordPress directory are abandoned. FancyBox had not had any major updates until recently, when the vulnerability was found and the author immediately went to get a fix for the plugin.

The main issue is that a lot of the websites that suffered from the exploitation of this plugin are now marked as malicious by Google. This goes to show how important it is for users to pay more attention to the plugins that they have installed and to always keep them up to date. If you leave plugins outdated on your website, you will typically suffer from exploits and performance issues.

If you are using the plugin, you need to update it immediately, or else your website could be exploited.
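To check whether a page is already serving the injected script quoted earlier, the following added example (not from the original post or the plugin author) scans HTML for inline scripts in which a `navigator.userAgent` test is followed by a `document.write()` call. The function and class names are hypothetical, and the sample page is constructed, with a placeholder where the post stripped the written markup.

```python
import re
from html.parser import HTMLParser

# Heuristic from the snippet on this page: a user-agent test guarding document.write().
UA_TEST = re.compile(r"navigator\s*\.\s*userAgent\s*\.\s*(?:match|indexOf|search)\s*\(", re.I)
DOC_WRITE = re.compile(r"document\s*\.\s*write(?:ln)?\s*\(", re.I)
CDATA_WRAP = re.compile(r"/\*\s*<!\[CDATA\[\s*\*/|/\*\s*\]\]>\s*\*/|//\s*<!\[CDATA\[|//\s*\]\]>")

SAMPLE = """<html><body>
<script>/*<![CDATA[*/if(navigator.userAgent.match(/msie/i)){document.write('PLACEHOLDER');}/*]]>*/</script>
<script>document.write(new Date().getFullYear());</script>
<script src="/wp-includes/js/jquery/jquery.js"></script>
</body></html>"""  # constructed sample; PLACEHOLDER stands in for the stripped markup

class InlineScripts(HTMLParser):
    """Collect (line, body) for every <script> element without a src attribute."""
    def __init__(self):
        super().__init__()
        self.scripts, self._buf, self._line = [], None, 0

    def handle_starttag(self, tag, attrs):
        if tag == "script" and not dict(attrs).get("src"):
            self._line, self._buf = self.getpos()[0], []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.scripts.append((self._line, "".join(self._buf)))
            self._buf = None

def find_injected_scripts(html):
    """Return [(line, script)] where document.write() follows a user-agent test."""
    parser = InlineScripts()
    parser.feed(html)
    parser.close()
    hits = []
    for line, body in parser.scripts:
        code = " ".join(CDATA_WRAP.sub("", body).split())  # drop CDATA wrappers, collapse whitespace
        ua = UA_TEST.search(code)
        if ua and DOC_WRITE.search(code, ua.end()):
            hits.append((line, code))
    return hits

if __name__ == "__main__":
    for line, code in find_injected_scripts(SAMPLE):
        print(f"line {line}: {code}")
```

A match is a lead for manual review, not proof of compromise, since legitimate legacy scripts can also pair browser sniffing with `document.write()`.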