Researchers at security firm Sucuri have reported a critical zero-day vulnerability in the Fancybox WordPress plugin that has already affected millions of WordPress websites. The researchers noted that hackers are exploiting the vulnerability in the wild by injecting malicious code into websites.
The fancybox-for-WordPress plugin is a popular image-display tool for WordPress with more than 550,000 downloads, and Sucuri researchers say that malware or any other script can be added to a vulnerable site through the plugin.
As there is no patch available for this zero-day vulnerability, the researchers have not disclosed its technical details. For security reasons, the WordPress.org team has also removed the plugin from its repository.
How to Prevent this Vulnerability.
As the WordPress.org team has removed the plugin from its repository, all website admins and bloggers are advised to remove (disable) the plugin immediately. Researchers warn that more than half a million users of the plugin are at risk and that hackers are exploiting the vulnerability at a high rate.
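The removal step above, applied to every site under a hosting root, as an added example that is not from Sucuri or WordPress.org. It assumes the standard `wp-content/plugins/<slug>` layout and the directory name `fancybox-for-wordpress`; the function names and the quarantine directory are hypothetical.

```shell
#!/bin/sh
# Added example, not Sucuri's or WordPress.org's tooling.
# Assumption: sites use the standard layout <site>/wp-content/plugins/<slug>.
PLUGIN_SLUG="fancybox-for-wordpress"

# List every installed copy of the plugin below a hosting root.
# The name match is case-insensitive; -prune stops descent into a hit.
find_fancybox() {
    find "$1" -type d -path '*/wp-content/plugins/*' \
        -iname "$PLUGIN_SLUG" -prune -print 2>/dev/null | sort
}

# Move each copy out of the web root into a quarantine directory.
# With its files gone from wp-content/plugins, WordPress can no longer
# load the plugin, and the copy is kept for later inspection.
# Prints the destination of every copy that was moved.
quarantine_fancybox() {
    root="$1"
    quarantine="$2"   # must live outside the web root
    mkdir -p "$quarantine" || return 1
    find_fancybox "$root" | while IFS= read -r dir; do
        # Encode the original path into the name so copies stay distinct.
        dest="$quarantine/$(printf '%s' "$dir" | tr '/' '_')"
        mv "$dir" "$dest" && printf '%s\n' "$dest"
    done
}
```

Run `find_fancybox /var/www` first to review the hits, then `quarantine_fancybox /var/www /root/quarantine` to move them; both paths are placeholders for your own hosting root and quarantine location.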
WordPress is one of the popular open-source CMS platforms and is used by more than 20 million websites. Not all of these sites use the Fancybox plugin, but even if only a fraction of them do, that is still a huge number of vulnerable websites.