Friday, April 25, 2025
HomeCyber Security NewsWordPress Websites Hit by a Barrage of Attacks

WordPress Websites Hit by a Barrage of Attacks

Published on

SIEM as a Service

Follow Us on Google News

Attackers exploit the vulnerability of the Yuzo Related Posts plugin.Email automation service Mailgun has added a long list of companies that were victims of large-scale coordinated attacks on websites run by WordPress on Wednesday, April 10.

In the course of the attacks, attackers exploited the vulnerability in the Yuzo which allows cross-site scripting (XSS). With the help of this plugin, attackers have applied code into vulnerable sites which redirected visitors to a variety of malicious resources, including fake support sites, malware disguised as updates, and advertising.

Mailgun is far from being the only victim of the mass attack on websites with a vulnerable plugin. Incidents could well have been avoided if the researcher who discovered the vulnerability had first notified the developer and only then published his PoC (Proof Of Concept) exploit.

- Advertisement - Google News

According to Vlad, CEO at ITRate.co, and WordPress expert, due to the publication of PoC-exploit on the same day, the plugin had to be removed from the official WordPress plugin repository until a patch was released. However, many websites that use the Yuzo Related Posts still remain vulnerable. According to WordPress.org, at the time of the plugin removal from the repository, it was installed on 60,000 websites.

On April 10, the attacks were hailed, and a Yuzo Related Posts developer desperately urged website owners to immediately remove the problematic plugin. According to Defiant specialists, one of the factions actively exploiting vulnerabilities in Easy WP SMTP and Social Warfare plugins is behind the attacks.

What was the Plugin Intended for?

Internal linking – what does it give? How can you build one? What is it for? One of the positive moments is to increase the usability of a website, i.e. ease of use. Placing internal links in the text of an article or as a block of similar articles (or even better – by using both), will significantly improve the visitors’ behavioral factors.

Increasing usability and behavioral factors of visitors require a comprehensive approach. Creating a convenient search on a website or a favicon also moves us forward in this direction. Everything is interconnected. By improving one thing, we positively influence other factors in promoting our website.

Using meaningfully the internal linking alone, you can move your articles for low-frequency requests up to the top search results. Of course, the competitiveness of a request factor is also the case here.

Related Read

Zero-day Stored XSS Vulnerability in WordPress Social Share Plug-in let Hackers to Compromise 70,000 Websites

Hackers Using WordPress and Joomla Sites to Distribute Shade Ransomware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...

New Report Reveals How AI is Rapidly Enhancing Phishing Attack Precision

The Zscaler ThreatLabz 2025 Phishing Report unveils the alarming sophistication of modern phishing attacks,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Microsoft Defender XDR False Positive Leaked Massive 1,700+ Sensitive Documents to Publish

An alarming data leak involving Microsoft Defender XDR has exposed more than 1,700 sensitive...

‘SessionShark’ – A New Toolkit Bypasses Microsoft Office 365 MFA Security

Security researchers have uncovered a new and sophisticated threat to Microsoft Office 365 users:...

Hackers Exploit MS-SQL Servers to Deploy Ammyy Admin for Remote Access

A sophisticated cyberattack campaign has surfaced, targeting poorly managed Microsoft SQL (MS-SQL) servers to...