Possible security issue / vulnerability | ww.wp.xz.cn

Resolved Minister
(@lstavrevweb-ministercom)

10 years, 6 months ago

Hello,

I’ve found the following article, which seems to explain a possible security issue (vulnerability) with this plugin (that I use quite often):
https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html

I would like to point the author’s attention to this post, so he could check if it is an issue that should be fixed or it’s been fixed already…!?

Please excuse me if it’s not an issue at all!

Best wishes and thank you for this great plugin!

https://ww.wp.xz.cn/plugins/fancybox-for-wordpress/

Viewing 2 replies - 1 through 2 (of 2 total)

Jose Pardilla
(@moskis)

10 years, 6 months ago

Hi,

The vulnerability you mention was found in February, and it was in fact patched, however WordPress installations that run the vulnerable version (version 3.0.2 or lower) could have malicious code like an iframe stored in the plugin’s settings. If you site was using the plugin back then you should check that it is clean, or reset the plugin’s setting to be sure.

You can find more info about the vulnerability here: https://ww.wp.xz.cn/plugins/fancybox-for-wordpress/faq/

Thread Starter Minister
(@lstavrevweb-ministercom)

10 years, 6 months ago

Thank you for your very quick reply!

In the comments of the article I posted I read “v3.0.6, the latest version at this moment I write this comment, is still affected by the exploit.”. It seems the people didn’t cleaned their DB and this was the reason for their conclusion that the latest version is still affected! I’m glad it’s not true! 🙂

I’ll mark the thread as resolved.

Thank you again! 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Possible security issue / vulnerability’ is closed to new replies.

2 replies
2 participants
Last reply from: Minister
Last activity: 10 years, 6 months ago
Status: resolved