Thursday, January 23, 2025
HomeCyber Security NewsWordPress Websites Hit by a Barrage of Attacks

WordPress Websites Hit by a Barrage of Attacks

Published on

SIEM as a Service

Follow Us on Google News

Attackers exploit the vulnerability of the Yuzo Related Posts plugin.Email automation service Mailgun has added a long list of companies that were victims of large-scale coordinated attacks on websites run by WordPress on Wednesday, April 10.

In the course of the attacks, attackers exploited the vulnerability in the Yuzo which allows cross-site scripting (XSS). With the help of this plugin, attackers have applied code into vulnerable sites which redirected visitors to a variety of malicious resources, including fake support sites, malware disguised as updates, and advertising.

Mailgun is far from being the only victim of the mass attack on websites with a vulnerable plugin. Incidents could well have been avoided if the researcher who discovered the vulnerability had first notified the developer and only then published his PoC (Proof Of Concept) exploit.

According to Vlad, CEO at ITRate.co, and WordPress expert, due to the publication of PoC-exploit on the same day, the plugin had to be removed from the official WordPress plugin repository until a patch was released. However, many websites that use the Yuzo Related Posts still remain vulnerable. According to WordPress.org, at the time of the plugin removal from the repository, it was installed on 60,000 websites.

On April 10, the attacks were hailed, and a Yuzo Related Posts developer desperately urged website owners to immediately remove the problematic plugin. According to Defiant specialists, one of the factions actively exploiting vulnerabilities in Easy WP SMTP and Social Warfare plugins is behind the attacks.

What was the Plugin Intended for?

Internal linking – what does it give? How can you build one? What is it for? One of the positive moments is to increase the usability of a website, i.e. ease of use. Placing internal links in the text of an article or as a block of similar articles (or even better – by using both), will significantly improve the visitors’ behavioral factors.

Increasing usability and behavioral factors of visitors require a comprehensive approach. Creating a convenient search on a website or a favicon also moves us forward in this direction. Everything is interconnected. By improving one thing, we positively influence other factors in promoting our website.

Using meaningfully the internal linking alone, you can move your articles for low-frequency requests up to the top search results. Of course, the competitiveness of a request factor is also the case here.

Related Read

Zero-day Stored XSS Vulnerability in WordPress Social Share Plug-in let Hackers to Compromise 70,000 Websites

Hackers Using WordPress and Joomla Sites to Distribute Shade Ransomware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...