Yesterday our backup program alerted us to a vulnerability in the FancyBox for WordPress plugin. In a nutshell, it will allow someone to hack in and insert code into your WordPress website. This is a big problem if your site is one of the half million sites out there running this plugin.
Currently there is no patch for this plugin, and the best protection is to remove it all together. If you stumbled across this post and know you have a WordPress website, just contact your web person. They will be able to tell you if you have FanyBox installed or not. Clients on our backup plan have already been taken care of.
Again this is a good time to plug our remote backup and restore service for WordPress websites. If something happens to your site, and can restore it back to working condition. We take care of all the WordPress support and updates as well.