Title: Possible security issue / vulnerability
Last modified: August 30, 2016

---

# Possible security issue / vulnerability

 *  Resolved [Minister](https://wordpress.org/support/users/lstavrevweb-ministercom/)
 * (@lstavrevweb-ministercom)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/possible-security-issue-vulnerability/)
 * Hello,
 * I’ve found the following article, which seems to explain a possible security 
   issue (vulnerability) with this plugin (that I use quite often):
    [https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html](https://blog.sucuri.net/2015/02/analysis-of-the-fancybox-for-wordpress-vulnerability.html)
 * I would like to point the author’s attention to this post, so he could check 
   if it is an issue that should be fixed or it’s been fixed already…!?
 * Please excuse me if it’s not an issue at all!
 * Best wishes and thank you for this great plugin!
 * [https://wordpress.org/plugins/fancybox-for-wordpress/](https://wordpress.org/plugins/fancybox-for-wordpress/)

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Jose Pardilla](https://wordpress.org/support/users/moskis/)
 * (@moskis)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/possible-security-issue-vulnerability/#post-6822107)
 * Hi,
 * The vulnerability you mention was found in February, and it was in fact patched,
   however WordPress installations that run the vulnerable version (version 3.0.2
   or lower) could have malicious code like an iframe stored in the plugin’s settings.
   If you site was using the plugin back then you should check that it is clean,
   or reset the plugin’s setting to be sure.
 * You can find more info about the vulnerability here: [https://wordpress.org/plugins/fancybox-for-wordpress/faq/](https://wordpress.org/plugins/fancybox-for-wordpress/faq/)
 *  Thread Starter [Minister](https://wordpress.org/support/users/lstavrevweb-ministercom/)
 * (@lstavrevweb-ministercom)
 * [10 years, 6 months ago](https://wordpress.org/support/topic/possible-security-issue-vulnerability/#post-6822135)
 * Thank you for your very quick reply!
 * In the comments of the article I posted I read “v3.0.6, the latest version at
   this moment I write this comment, is still affected by the exploit.”. It seems
   the people didn’t cleaned their DB and this was the reason for their conclusion
   that the latest version is still affected! I’m glad it’s not true! 🙂
 * I’ll mark the thread as resolved.
 * Thank you again! 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Possible security issue / vulnerability’ is closed to new replies.

 * ![](https://ps.w.org/fancybox-for-wordpress/assets/icon-256x256.jpg?rev=1864321)
 * [FancyBox for WordPress](https://wordpress.org/plugins/fancybox-for-wordpress/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/fancybox-for-wordpress/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/fancybox-for-wordpress/)
 * [Active Topics](https://wordpress.org/support/plugin/fancybox-for-wordpress/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/fancybox-for-wordpress/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/fancybox-for-wordpress/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Minister](https://wordpress.org/support/users/lstavrevweb-ministercom/)
 * Last activity: [10 years, 6 months ago](https://wordpress.org/support/topic/possible-security-issue-vulnerability/#post-6822135)
 * Status: resolved