Thursday, October 10, 2024
HomeCyber Security NewsWordPress Websites Hit by a Barrage of Attacks

WordPress Websites Hit by a Barrage of Attacks

Published on

Attackers exploit the vulnerability of the Yuzo Related Posts plugin.Email automation service Mailgun has added a long list of companies that were victims of large-scale coordinated attacks on websites run by WordPress on Wednesday, April 10.

In the course of the attacks, attackers exploited the vulnerability in the Yuzo which allows cross-site scripting (XSS). With the help of this plugin, attackers have applied code into vulnerable sites which redirected visitors to a variety of malicious resources, including fake support sites, malware disguised as updates, and advertising.

Mailgun is far from being the only victim of the mass attack on websites with a vulnerable plugin. Incidents could well have been avoided if the researcher who discovered the vulnerability had first notified the developer and only then published his PoC (Proof Of Concept) exploit.

- Advertisement - EHA

According to Vlad, CEO at ITRate.co, and WordPress expert, due to the publication of PoC-exploit on the same day, the plugin had to be removed from the official WordPress plugin repository until a patch was released. However, many websites that use the Yuzo Related Posts still remain vulnerable. According to WordPress.org, at the time of the plugin removal from the repository, it was installed on 60,000 websites.

On April 10, the attacks were hailed, and a Yuzo Related Posts developer desperately urged website owners to immediately remove the problematic plugin. According to Defiant specialists, one of the factions actively exploiting vulnerabilities in Easy WP SMTP and Social Warfare plugins is behind the attacks.

What was the Plugin Intended for?

Internal linking – what does it give? How can you build one? What is it for? One of the positive moments is to increase the usability of a website, i.e. ease of use. Placing internal links in the text of an article or as a block of similar articles (or even better – by using both), will significantly improve the visitors’ behavioral factors.

Increasing usability and behavioral factors of visitors require a comprehensive approach. Creating a convenient search on a website or a favicon also moves us forward in this direction. Everything is interconnected. By improving one thing, we positively influence other factors in promoting our website.

Using meaningfully the internal linking alone, you can move your articles for low-frequency requests up to the top search results. Of course, the competitiveness of a request factor is also the case here.

Related Read

Zero-day Stored XSS Vulnerability in WordPress Social Share Plug-in let Hackers to Compromise 70,000 Websites

Hackers Using WordPress and Joomla Sites to Distribute Shade Ransomware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...

Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access

VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users

Hackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide.The flaw,...

Foxit PDF Reader Vulnerability Let Attackers Execute Arbitary Code

Researchers recently disclosed six new security vulnerabilities across various software, as one critical vulnerability...

Wireshark 4.4.1 Released, What’s new!

Wireshark, the world’s leading network protocol analyzer, has just released version 4.4.1, bringing a...