Thousands of WordPress sites affected by zero-day exploit

(Image: Wikimedia Commons)

Must See Gallery

Hands-on with the new Word, Excel, and PowerPoint apps for Windows 10 tablets

Touch-friendly versions of Word, Excel, and PowerPoint are now available in preview editions for use on devices running Windows 10. Here’s what you’ll find in each one.

Thousands of websites are at risk of being exploited by a previously undisclosed vulnerability in a WordPress plugin, which researchers say could be used to inject malicious code into websites.

The flaw exists in Fancybox, a popular image displaying tool, through which Sucuri researchers say malware or any other script can be added to a vulnerable site.

“We can confirm that this plugin has a serious vulnerability,” the researchers wrote. “It’s being actively exploited in the wild, leading to many compromised websites,” the researchers wrote.

WordPress, which comes in two main flavors — a hosted version and a downloadable self-hosting version — has already removed the plugin from its repository. But researchers warn that with more than half-a-million users of the plugin at risk, users should remove the plugin from their own sites.

It’s not clear how many websites are being actively exploited by the flaw, however.

WordPress remains one of the most popular blogging platforms on the web. It’s used by more than 23 percent of the top 10 million websites, recent statistics show.

Article source:

Related Posts