WordPress Plugin – Yuzo Related Posts – is vulnerable to malware.

Apr 12, 2019 | Web Hosting News, WordPress News

WordPress Plugin - Yuzo Related Posts - is vulnerable to malware.

If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.

We are starting to see customer websites that are using the plugin being redirected to malware websites.

There is currently NO PATCH available. Which means you HAVE TO remove the plugin.

Without going into to much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn inserts code into the options of this plugin. That code currently seems to be javascript code that performs the various redirects to malware.

We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.

If you have any questions or need help, please contact our support team as usual.