A critical zero-day vulnerability has been discovered in a popular WordPress plugin, called 'FancyBox for WordPress', which is used by hundreds of thousands of websites running on the most popular blogging platform, WordPress.
0-DAY FLAW EXPLOITED IN THE WILD
The security researchers at web security firm Sucuri issued a warning on Wednesday about the zero-day vulnerability, which is being "actively exploited in the wild" by malicious hackers in order to infect as many victims as possible.
While there are more than 70 million websites on the Internet currently running the WordPress content management system, over half a million websites use the 'FancyBox for WordPress' plugin, making it one of the popular WordPress plugins for displaying images, HTML content and multimedia in a so-called "lightbox" that floats on top of web pages.
HACKERS INJECT MALWARE INTO WEBSITES
The vulnerability allows attackers to inject a malicious iframe (or any arbitrary script/content) into vulnerable websites; the injected iframe mostly redirects victims to a '203koko' website.
"All the infections had a similar malicious iframe from '203koko' injected into the website," Daniel Cid, founder and chief technology officer of Sucuri, who discovered the vulnerability, wrote in an advisory. "In analyzing the infected websites, we found that all the websites were using the FancyBox for WordPress plugin."
The FancyBox for WordPress plugin has since been temporarily removed from the WordPress Plugins Directory, and the researchers advised users, WordPress developers and WordPress programmers to remove the plugin, as it hadn't been updated for two years and posed a security threat to users.
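The indicator Sucuri describes is an injected iframe pointing at the '203koko' site. The following is an added defensive example, not code from the article or from Sucuri: a small Python scanner that parses a rendered page, lists every iframe and flags any whose source host is not on a per-site allowlist or that matches the known '203koko' indicator. The allowlist hosts, the function names and the sample page (including the constructed host `203koko.example`, a placeholder standing in for the real indicator) are all assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicator taken from the advisory text: the injected iframe's source contained '203koko'.
KNOWN_INDICATOR = "203koko"

# Hosts this particular site legitimately embeds (assumption: adjust to your own site).
ALLOWED_IFRAME_HOSTS = {"www.youtube.com", "player.vimeo.com"}


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in a document."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value); value may be None for bare attributes
            self.sources.append(dict(attrs).get("src") or "")


def classify_iframe(src, allowed_hosts):
    """Return a reason string if the iframe looks suspicious, else None."""
    if KNOWN_INDICATOR in src.lower():
        return "matches known indicator"
    # urlparse handles absolute and protocol-relative ("//host/path") sources alike
    host = (urlparse(src).hostname or "").lower()
    if host and host in allowed_hosts:
        return None
    # Unknown host, or no host at all (relative src): surface it for review
    return "iframe source not on allowlist"


def find_suspicious_iframes(html, allowed_hosts=ALLOWED_IFRAME_HOSTS):
    """Parse html and return a list of {'src', 'reason'} dicts for suspicious iframes."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        reason = classify_iframe(src, allowed_hosts)
        if reason is not None:
            findings.append({"src": src, "reason": reason})
    return findings


# Constructed sample page: one legitimate embed and one injected 1x1 iframe.
SAMPLE_PAGE = """<html><body>
<p>Welcome to the site</p>
<iframe src="https://www.youtube.com/embed/abc123"></iframe>
<iframe src="http://203koko.example/inject" width="1" height="1"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_suspicious_iframes(SAMPLE_PAGE):
        print(f"{finding['reason']}: {finding['src']}")
```

Run it against the HTML of a page fetched from the site (for example with `curl`), not against the PHP sources: the injected content was stored in a plugin setting and only appears in the rendered output. Any hit on the known indicator is a strong signal that the site was compromised through this flaw; unknown hosts merely need a human look.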
PATCH RELEASED
Without wasting much time, the developers released two new versions of the plugin on Thursday to fix the zero-day flaw. Version 3.0.3 addresses the actual flaw, while version 3.0.4, released late yesterday by José Pardilla, renames the plugin setting where the issue originated.
According to the plugin changelog, the latest updates will stop malicious code from appearing on sites where the plugin is updated, even if the injected code itself has not been removed. Users who have the FancyBox for WordPress plugin installed on their sites are advised to apply the patch immediately.
WordPress is a free, open source blogging tool and content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their websites to their specific needs. It is easy to set up and use, which is why tens of millions of websites across the globe opt for it; consequently, WordPress sites are a favorite target for hackers.