Hackers exploit vulnerability in WordPress related-posts plugin
A vulnerability in a popular related-posts WordPress plugin is being actively exploited, and security researchers are urgently warning users to take action.
The plugin, Yuzo Related Posts, contains a cross-site scripting vulnerability that allows hackers to inject malicious code into a WordPress-based website using it, redirecting visitors to a malicious website instead.
One prominent victim of the hack was Mailgun Technologies Inc., a provider of email services popular among internet marketers. Using the vulnerability, hackers redirected visitors of the Mailgun website to another site for two hours before Mailgun took action.
“We immediately launched an incident [response] to determine the source of the redirects and determined that a plugin for WordPress was responsible for issuing the redirects. We’ve disabled the plugin responsible for this issue,” the company said in a statement reported Thursday by Computing UK.
WordPress has also removed the Yuzo plugin from its directory. It’s believed that at least 60,000 WordPress-based websites may be using the plugin and remain vulnerable to attack.
Because of WordPress’ scale and open-source nature, it has always been a target for attacks, Chris Morales, head of security analytics at threat detection and response platform Vectra Networks Inc., told SiliconANGLE.
“By focusing on vulnerabilities in the underlying platform, it is easy to succeed in opportunistic attacks targeting any user of the WordPress software,” Morales said. “Users need to pay careful attention to the sites they do visit at any given time and be careful what information they are providing.”
Chris Orr, a systems engineer at Tripwire Inc., also noted that vulnerabilities in WordPress plugins have been a longstanding problem.
“The plug-in directory is very much like the Google Play store where vetting of apps is a major weakness,” Orr said. “Lack of notifications by the plug-in developer is also an issue to contend with.”
He recommends that WordPress users automatically update the platform and their apps, pay close attention to how the ones they use behave, and keep an eye out for vulnerabilities.
Image: WordPress