Hi saniul_12,
Feel free to stop using the plugin but please note that the vulnerability was fixed with version 3.0.3 the day it was found.
More info: https://ww.wp.xz.cn/plugins/fancybox-for-wordpress/faq/
Jose, but you should make a comment in the plugin or find a way of telling people to update the plugin because you found a vulnerability; it took me a while before I found where the malware was.
Just tested version 3.0.6 and the malware is still there…
////
As soon as I installed the plugin, my Sucuri Security Scan alerted me:
http://labs.sucuri.net/db/malware/malware-entry-mwjsgen2?web.js.malware.fancybox.001
I have also been contacted by a few people telling me that my website was redirecting them to other SPAM pages.
Please make sure before installing that this issue has been cleared.
Cheers.
Javier Faus.