According to website security firm Sucuri, its researchers first noticed a possible malware outbreak affecting many websites: every affected site had a similar "203koko" iframe injected into its pages. After further investigation, the firm confirmed that the FancyBox for WordPress plugin was the culprit, with a serious vulnerability that let attackers insert malicious code into any website that had it installed.
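As an added example (not part of the original article and not Sucuri's tooling), here is a small Python scanner that walks a WordPress install and flags iframes whose src contains the "203koko" string described above. The article does not give the exact markup of the injected iframe, so the tag shape, the hostname and the file layout in the constructed sample are assumptions; the marker string is the only indicator taken from the report.

```python
import re
import tempfile
from pathlib import Path
from typing import Iterator

# Indicator taken from the article: the injected iframes shared a "203koko"
# string. Everything else about the tag (attributes, host) is assumed here.
IOC_MARKER = "203koko"

# Any <iframe ...> tag with a src attribute; case-insensitive, tolerates
# single, double or no quotes, and attributes spread over several lines.
# The lookbehind keeps "data-src" and similar from being taken as "src".
IFRAME_RE = re.compile(
    r"""<iframe\b[^>]*?(?<![\w-])src\s*=\s*(['"]?)([^'"\s>]+)\1[^>]*>""",
    re.IGNORECASE | re.DOTALL,
)


def find_injected_iframes(html: str, marker: str = IOC_MARKER) -> list[str]:
    """Return the src of every iframe in `html` whose src contains `marker`."""
    marker = marker.lower()
    return [m.group(2) for m in IFRAME_RE.finditer(html)
            if marker in m.group(2).lower()]


def scan_tree(root: Path, suffixes=(".php", ".html", ".htm", ".js"),
              marker: str = IOC_MARKER) -> Iterator[tuple[Path, str]]:
    """Yield (file, src) for each injected iframe found under `root`."""
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        for src in find_injected_iframes(text, marker):
            yield path, src


def demo() -> list[tuple[str, str]]:
    """Build a constructed mini WordPress tree in a temp dir, scan it, and
    return the findings as sorted (relative path, src) pairs."""
    samples = {
        # constructed: theme footer with a hidden injected iframe
        "wp-content/themes/sample/footer.php":
            '<?php wp_footer(); ?>\n'
            '<iframe src="http://203koko.example.invalid/x.php"\n'
            '        width="1" height="1" style="display:none"></iframe>\n'
            '</body></html>\n',
        # constructed: clean template, nothing to flag
        "wp-content/themes/sample/header.php":
            "<!DOCTYPE html><html><head><title>Clean</title></head>",
        # constructed: legitimate iframe, must not be flagged
        "embed.html":
            "<IFRAME SRC='https://www.youtube.com/embed/abc'></IFRAME>",
        # constructed: non-HTML file containing the marker, ignored by suffix
        "wp-content/uploads/notes.txt": "203koko",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in samples.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return sorted((p.relative_to(root).as_posix(), src)
                      for p, src in scan_tree(root))


if __name__ == "__main__":
    for rel, src in demo():
        print(f"{rel}: injected iframe -> {src}")
```

Point `scan_tree` at the document root of a site to check theme and plugin files; the same `find_injected_iframes` function can be run over the values of a `wp_options` dump or a page fetched from the live site, since an injection stored in the database only shows up in rendered output, not in files on disk.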
Following the discovery, the plugin was immediately removed from the WordPress.org plugin repository, and Sucuri recommended that all WordPress site owners remove the plugin as soon as possible. The authors have since released three updates that patch the vulnerability; the updates also contain a number of other bug fixes.
Because WordPress runs millions of websites around the world, its plugins are a common target for attackers looking for vulnerabilities. While WordPress core is constantly monitored for security issues, third-party plugins are often not held to the same standard, and that is when things tend to get ugly. Sucuri recommends using its Website Firewall or a similar service to avoid falling victim to such issues; the firm said its Website Firewall customers were protected from the exploit even with the plugin installed. A firewall of that kind blocks the attack traffic but does not fix the vulnerable code, so it is a stopgap, not a substitute for updating or removing the plugin.
It's a good reminder that you need to check your WordPress plugins for updates regularly. Many users forget to update their themes and plugins, leaving their sites vulnerable. Always look out for new updates and install them promptly, especially security releases and patches like the ones FancyBox for WordPress just shipped to fix this issue.
Source: Sucuri