An XSS vulnerability has been discovered in the popular WordPress plugin Yuzo Related Posts, which has over 60,000 installs. Attackers quickly took advantage of the bug, staging a large-scale, coordinated attack against vulnerable sites that, among others, affected the popular mail service Mailgun. The attacks are already being discussed on the official WordPress forums (1, 2, 3) as well as on StackOverflow.
The vulnerability allows attackers to inject malicious code into a vulnerable site; that code is then used to redirect visitors to various scam resources, ranging from fake technical support to pages with ads or fake software updates that hide malware.
Users have been urged to remove the plugin from their sites immediately and wait for a patch to be released. According to experts at Defiant and Sucuri, the same criminal group that is exploiting the Yuzo Related Posts vulnerability used 0-day bugs in the Easy WP SMTP and Social Warfare plugins in attacks last month. The attackers' exploits relied on a malicious script hosted on hellofromhony[.]org (176.123.9[.]53), the same address that had already been seen during the campaign against Social Warfare and Easy WP SMTP.