IndustryDev

Web Design & Photography Blog

You are here: Home / Blogging / Website Hacked Because of Yuzo Related Posts Plugin

Website Hacked Because of Yuzo Related Posts Plugin

I wrote a post yesterday in another category and thought I’d update you here in this category. This is important information and I don’t want anyone to miss it. To get caught up with what’s going on with the Yuzo Related Posts plugin hack, please read through this post and then return here.

WordPress Website Hacked and is Now Redirecting

Okay, I’ve been doing a bit more research on this topic. As you know, one of my blogs was hacked on April 19, 2019 and because of this hack, it began redirecting to some spammy websites. Most notably DoNotifyFriends[dot]info, BeMyLittleTeddy[dot]info and Gearbest[dot]com. After reading a very well written description of what went down on the WordFence blog, I now have a clear picture of what occurred.

Apparently, the Yuzo plugin was removed from the WordPress plugin directory in late March because of a vulnerability in their coding (stored cross-site scripting (XSS) that went unattended to. When there’s a vulnerability in a plugin’s code, this is what WordPress does. They remove it from the directory. Unfortunately, even though the plugin was removed, no one who had it installed had any way of knowing there was an issue. Anyway, there was some sloppy coding, WordPress got rid of the plugin and for some strange reason, someone out there decided to announce to the world, and the hacker, what the exact vulnerability was. When the hacker heard this, they went ahead and created some malicious code and then crawled the web to locate the over 60,000 users of this plugin. Once they did that, they injected malicious JavaScript into one of the files up the plugin, causing the redirect. As you know, finding the actual problem file is the toughest thing to deal with when attempting to repair a hacked website. It’s been suggested that anyone who has this plugin installed on their website remove it immediately. Don’t just disable it, remove it entirely.

To read more on this topic, please take a look at these posts and reply down below if you have any questions or to let us know about what happened to your own website or blog.


Yuzo Related Posts Zero-Day Vulnerability Exploited in the Wild

Your WP Site Got Hacked? Thank Yuzo Related Posts (And YellowPencil?) Plugin

Related posts:

  1. WordPress Website Hacked and is Now Redirecting
  2. New Website SEO Checklist
  3. WordPress Theme & Plugins Installed On This Website
  4. Noindex Tag is Bad For Website SEO
  5. WordPress SEO: How To Supercharge Your Website Traffic
  6. 3 Website Link Building Tips You Never Thought Of
  7. Working With PHP in WordPress
  8. Discussion Forums – A Highly Effective Way to Promote Your Website
  9. WordPress Custom Post Type Templates
  10. Why Discussion Forums are Really Great For Website Promotion

What’s Next? Email Updates!

If you enjoyed reading this post, why not consider signing up to receive others like it by email? It's so easy and you can unsubscribe at any time.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.