Mail service Mailgun was attacked together with more than a thousand of other companies’ sites on Wednesday, April 10.During the attack hackers exploited vulnerability in Yuzo Related Posts plugin that allows establishment of scripting between web-sites (XSS). With its help attackers implemented on vulnerable websites a code that redirects users on malware resources, including fake technical service portals, malicious software that was masked under updates, and ads.
“Our applications including the Mailgun Dashboard, APIs, and customer data stored on our platform were not impacted by this issue”, – the company Mailgun said in its status report page.
However, Mailgun was not the only victim of massive attack on websites with vulnerable plugin. Situation could be avoided is researcher that found it informed developer prior to RoS-exploit publishing.
Due to RoS-exploit publishing plugin same day had to be removed from official WordPress plugin library until patch release. Nevertheless, bulk of websites that use Yuzo Related Posts are still vulnerable. According to WordPress, at the moment of plugin removal it was established on 60 thousands websites.
On 10th of April, attacks came as an avalanche, and Yuzo Related Posts developer in dispatch asked website owners to remove problematic plugin. Defiant specialists say that for the attack is responsible one of the groups that actively exploit vulnerabilities in Easy WP SMTP and Social Warfare plugins.