…and how the exploit really worked
Last week a very popular plugin called FancyBox for WordPress was hit with a zero-day vulnerability which I happened to experience first-hand and dig into. If you’ve not heard about this here are a couple of links to get you up to speed:
The plugin was force-updated (where possible) on WordPress sites out there. This is the full disclosure of how the exploit worked.