Home » News » Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Hackers used flaw in Yuzo Related Posts plugin for a massive attack on WordPress-powered websites

Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10.

During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious software that was masked under updates, and ads.

“Our applications including the Mailgun Dashboard, APIs, and customer data stored on our platform were not impacted by this issue”, – the company Mailgun said in its status report page.

However, Mailgun was not the only victim of massive attack on websites with vulnerable plugin. Situation could be avoided is researcher that found it informed developer prior to RoS-exploit publishing.

Due to RoS-exploit publishing plugin same day had to be removed from official WordPress plugin library until patch release. Nevertheless, bulk of websites that use Yuzo Related Posts are still vulnerable. According to WordPress, at the moment of plugin removal it was established on 60 thousands websites.

On 10th of April, attacks came as an avalanche, and Yuzo Related Posts developer in dispatch asked website owners to remove problematic plugin. Defiant specialists say that for the attack is responsible one of the groups that actively exploit vulnerabilities in Easy WP SMTP and Social Warfare plugins.

Source: https://www.zdnet.com/article/mailgun-hacked-part-of-massive-attack-on-wordpress-sites/

[Total: 1    Average: 5/5]
READ  Researchers estimate that 1.2 billion of Apple’s devices are not protected from MitM attacks

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Graboid Spreads Through Docker Containers

Graboid mining worm spreads through Docker containers

Palo Alto Networks experts have discovered the strange crypto-jacking worm Graboid, which spreads through the …

Attackers use Checkm8 jailbreak

Attackers actively use the fresh Checkm8 jailbreak for their own purposes

Cisco Talos experts warned users that attackers are actively using Checkm8 jailbreak. At the end …

Leave a Reply