A security problem was found in the very popular Fancybox for WordPress on February 4 that led to many infected websites. The plugin was removed from the WordPress.org plugin repository temporarily until the plugin developer released a new version that patched the security issue on February 7.
If you’re using this plugin, make sure you update it ASAP.
Old Plugins are Security Risks
Unless you just installed it for the first time since the 7th, you shouldn’t be using this plugin at all.
Why not? Because until the patch on the 7th, it hadn’t been updated in over 2 years. Old plugins can cause lots of problems, including not being compatible with modern WordPress releases, conflicts with modern themes, and having code that is more prone to modern security exploits. In short, just because an old plugin is still working doesn’t mean it’s a safe choice for your website.
There are many Fancybox plugins available – I myself use Easy FancyBox which is kept current by its developers. Do yourself and your site a favor and make sure when you install a plugin that it is compatible with the current version of WordPress that you’re using. If you have any other really old plugins, take some time to find replacements.