The FancyBox for WordPress Vulnerability
…and how the exploit really worked
Last week a very popular plugin called FancyBox for WordPress was hit with a zero-day vulnerability, which I happened to experience first-hand and dig into. If you’ve not heard about this, here are a couple of links to get you up to speed:
- https://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html
- https://wptavern.com/zero-day-vulnerability-discovered-in-fancybox-for-wordpress-plugin
- https://wordpress.org/support/topic/possible-malware-2
The plugin was force-updated (where possible) on WordPress sites out there. This is the full disclosure of how the exploit worked.