Automattic, the company behind the popular WordPress content management system, has issued a warning about a serious vulnerability in a widely used plugin.
The FancyBox plugin is used to display images, HTML content and video clips in a ‘lightbox’ that floats above websites. However, a bug in older versions of the plugin can allow hackers to inject malicious code into a website.
The issue came to light on a WordPress support forum last week, when several users complained their websites had been infected with malware and the plugin quickly emerged as a common thread. Some complained the malware had also compromised their sites’ database.
“I have also got [malware content] on my site. I got a [sic] the dreaded email from Google saying my site has malware infected on it. I am currently in contact with [my web hosting company]. They are currently scanning my site for malicious code,” one user said.
After the issue came to light, the developer of the plugin issued a patch as part of a new version, 3.0.4. Website owners using a version older than this are urged to update it immediately.
In recent versions of WordPress, the plugin can be updated from the WordPress dashboard by scrolling down to the “Plugins” section, selecting the “Fancybox-for-WordPress” plugin from the list, and clicking the “Update Plugins” button.