IndustryDev


Website Hacked Because of Yuzo Related Posts Plugin

April 22, 2019

I wrote a post yesterday in another category and thought I’d update you here in this category. This is important information and I don’t want anyone to miss it. To get caught up with what’s going on with the Yuzo Related Posts plugin hack, please read through this post and then return here.

WordPress Website Hacked and is Now Redirecting

Okay, I’ve been doing a bit more research on this topic. As you know, one of my blogs was hacked on April 19, 2019 and because of this hack, it began redirecting to some spammy websites, most notably DoNotifyFriends[dot]info, BeMyLittleTeddy[dot]info and Gearbest[dot]com. After reading a very well-written description of what went down on the Wordfence blog, I now have a clear picture of what occurred.

Apparently, the Yuzo plugin was removed from the WordPress plugin directory in late March because of a vulnerability in its code (stored cross-site scripting, or XSS) that went unattended to. When there’s a vulnerability in a plugin’s code, this is what WordPress does: they remove it from the directory. Unfortunately, even though the plugin was removed, no one who had it installed had any way of knowing there was an issue. Anyway, there was some sloppy coding, WordPress got rid of the plugin and, for some strange reason, someone out there decided to announce to the world, and the hacker, what the exact vulnerability was. When the hacker heard this, they went ahead and created some malicious code and then crawled the web to locate the over 60,000 users of this plugin. Once they did that, they injected malicious JavaScript into one of the files of the plugin, causing the redirect. As you know, finding the actual problem file is the toughest thing to deal with when attempting to repair a hacked website. It’s been suggested that anyone who has this plugin installed on their website remove it immediately. Don’t just disable it, remove it entirely.
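To help with finding the problem file, here is an added example (not code from the original post, from Wordfence, or from the plugin) that walks a WordPress directory, or a folder holding a database dump, and reports text files that reference the redirect domains named above. It assumes the injected script may hide its URL with `String.fromCharCode`, which goes beyond what the post describes; the extension list and the sample string are also constructed for illustration.

```python
import os
import re

# Redirect destinations exactly as the post lists them (defanged), refanged for matching.
DEFANGED = ("DoNotifyFriends[dot]info", "BeMyLittleTeddy[dot]info", "Gearbest[dot]com")
DOMAINS = tuple(d.replace("[dot]", ".").lower() for d in DEFANGED)

# Assumption: an injected script may hide its URL as String.fromCharCode(104,116,...).
CHARCODE_RE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+)\)", re.I)
TEXT_EXT = (".php", ".js", ".html", ".htm", ".sql", ".txt")

# Constructed sample, not a captured payload: a URL stored as character codes.
_url = "https://" + DOMAINS[1] + "/"
SAMPLE = "<script>var u=String.fromCharCode(" + ",".join(str(ord(c)) for c in _url) + ");</script>"


def decode_charcodes(text):
    """Replace each String.fromCharCode(...) call with the string it would produce."""
    def _decode(match):
        codes = (int(n) for n in re.findall(r"\d+", match.group(1)))
        return "".join(chr(c) for c in codes if c < 0x110000)
    return CHARCODE_RE.sub(_decode, text)


def find_indicators(text):
    """Return the sorted redirect domains referenced in text, plain or char-code encoded."""
    haystack = (text + "\n" + decode_charcodes(text)).lower()
    return sorted(d for d in DOMAINS if d in haystack)


def scan_tree(root):
    """Return {path: [domains]} for text files under root that reference a domain."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TEXT_EXT):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    found = find_indicators(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if found:
                hits[path] = found
    return hits


if __name__ == "__main__":
    import sys
    for path, found in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(f"{path}: {', '.join(found)}")
```

A hit is a lead to review by hand, not proof of compromise: Gearbest in particular is also a regular shopping site that a post may link to on purpose.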

To read more on this topic, please take a look at these posts and reply down below if you have any questions or to let us know about what happened to your own website or blog.

Yuzo Related Posts Zero-Day Vulnerability Exploited in the Wild

Your WP Site Got Hacked? Thank Yuzo Related Posts (And YellowPencil?) Plugin
