The Fancybox plugin for WordPress has been hit by a zero-day exploit that allows hackers to inject malicious code into websites, reports ZDNet.
The plugin, which has been downloaded 600,000 times from the official WordPress plugin repository, is a tool for displaying images, HTML content and multimedia in a lightbox. Russian security researchers Gennady and Konstantin Kovshenin found that attackers could deliver malicious iframes through a persistent cross-site scripting vulnerability, according to The Register. The bug was first spotted on the WordPress forums, where writers reported unauthorized iframe being injected from unknown sites.
Zero-day exploit affects popular WordPress plugin
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.