Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Zero-day flaw in WordPress plugin used to inject malware into sites

Zero-day flaw in WordPress plugin used to inject malware into sites

2015/02/06

Securityweek - (International) WordPress patched a zero-day flaw in its FancyBox plugin after Sucuri researchers noted the vulnerability could allow attackers to inject malware or scripts into Web sites, after numerous users complained of malicious "iframe" injections on their sites.

Source: http://www.securityweek.com/zero-day-flaw-wordpress-plugin-used-inject-malware-sites

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:23