Attackers take advantage of Yuzo Related Post plugin vulnerability. Email automation Mailgun has added a long list of corporate victims of coordinated website assaults run by WordPress on Wednesday 10 April.
During the attacks, attackers exploited the Yuzo vulnerability that enables cross-site scripting (XSS). Using this plugin, attackers have applied code to vulnerable sites, redirecting visitors to a range of malicious resources, including fake websites, malware covered updates and ads.
Mailgun is far from being the only victim with a vulnerable website mass assault plugin. Incidents could be prevented if the researcher discovering the vulnerability first notified the developer and only then published his PoC (Proof Of Concept) exploit.
The plugin had to be removed from the official plugin repository by publishing PoC-exploit the same day before a patch was released, according to Vlad, CEO at ITRate.co, and WordPress expert. However, many websites using Yuzo Related Postings remain vulnerable. It was installed on 60,000 websites at the time of plugin removal from the repository, according to WordPress.org.
On April 10, the attacks were hailed and Yuzo Related Posts developer urged website owners to immediately eliminate the problem plug-in. The attacks are one of the groups that actively exploit vulnerabilities in plugins Easy WP SMTP and Social Warfare.
What was intended for the plugin?
Internal connection–what’s it giving? How can you build one? What’s it got to do? One of the positive moments is to increase a website’s ease of use. Installing internal links in an article’s text or as a block of like articles will significantly improve visitor behavioral factors (or even better use both). Increasing usability of visitors and behavioral factors require an integrated approach.
You can move your articles to the best search results for low-frequency requests using the internal link alone. Of course, the competitiveness of a demand factor is also the case here.