Update: We posted an analysis of the vulnerability following this post.
Our research team was alerted to a possible malware outbreak affecting many WordPress websites. All the infected websites had a similar malicious iframe from “203koko” injected into them. We were also directed to a forum thread where users were sharing their concerns and describing similar issues they were experiencing.
In analyzing the infected websites, we found that all of them were using the fancybox-for-wordpress plugin.