A vulnerability has been discovered in most versions of the Fancybox-for-WordPress plugin. This vulnerability makes it possible for attackers to inject malicious code into affected sites. If you’re using this plugin, you should immediate upgrade to the latest version.
Our security scanner has been watching for affected versions of Fancybox-for-WordPress on all VaultPress sites with security plans for the past few days. If you have already received a notification about this, please upgrade the plugin as soon as possible.
As this issue is widespread, we are also manually scanning all VaultPress-protected sites for vulnerable versions of the plugin regardless of your plan level. We will contact affected site owners directly by email, advising you to upgrade.
If your site uses a vulnerable version of Fancybox-for-WordPress, you can upgrade it from your WordPress dashboard:
- From your WordPress dashboard, navigate to Dashboard → Updates
- Scroll down to the “Plugins” section
- Select the “Fancybox-for-WordPress” plugin from the list, and click the “Update Plugins” button.
- Wait for the plugin update to download and install.
Alternately, if you are unable to upgrade plugins from your dashboard you can download the latest version of the plugin directly from WordPress.org.
As always, please let us know if you have any questions!