Security researchers at network security firm Sucuri issued a warning Wednesday about the zero-day vulnerability that is being ” actively exploited in the wild ” by malicious hackers. The vulnerability allows attackers to inject a malicious iframe (or any random script/content) into the vulnerable websites that generally redirects victims to a ‘203koko’ website. Over half a million websites use ‘FancyBox for WordPress’ plugin, making it one of the popular plugins of WordPress for displaying images, HTML content and multimedia.
Source: https://thehackernews.com/2015/02/fancybox-wordpress-vulnerability.html