FancyBox for WordPress Vulnerability

A vulnerability has been discovered in most versions of the Fancybox-for-WordPress plugin. This vulnerability makes it possible for attackers to inject malicious code into affected sites. If you’re using this plugin, you should immediate upgrade to the latest version.

Our security scanner has been watching for affected versions of Fancybox-for-WordPress on all VaultPress sites with security plans for the past few days. If you have already received a notification about this, please upgrade the plugin as soon as possible.

As this issue is widespread, we are also manually scanning all VaultPress-protected sites for vulnerable versions of the plugin regardless of your plan level. We will contact affected site owners directly by email, advising you to upgrade.

If your site uses a vulnerable version of Fancybox-for-WordPress, you can upgrade it from your WordPress dashboard:

  1. From your WordPress dashboard, navigate to Dashboard → Updates
  2. Scroll down to the “Plugins” section
  3. Select the “Fancybox-for-WordPress” plugin from the list, and click the “Update Plugins” button.
  4. Wait for the plugin update to download and install.

Alternately, if you are unable to upgrade plugins from your dashboard you can download the latest version of the plugin directly from WordPress.org.

As always, please let us know if you have any questions!

This entry was posted in General, Security. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s