The Yuzo Related Posts Plugin Exploit in WordPress

Attacks and vulnerability disclosures in WordPress do not seem to stop just yet. Another fresh exploit in one of the popular WordPress plugins- The Yuzo Related Posts plugin exploit is making headlines after it was reported that an XSS (cross-site scripting) vulnerability has been targeted by the attackers to redirect users to malicious sites.

Moreover, The Yuzo Related Posts Plugin is currently installed on 60,000+ sites, says data on WordPress. Numerous instructions regarding the WordPress Redirect Exploit have been issued on WordPress since then. Some instructions clearly suggest uninstalling the plugin as quickly as possible in order to check the damage and protect yourself.

The Yuzo Plugin Exploit complaints on WordPress forum

The Yuzo Plugin Exploit- Codes at Cause

Firstly, the vulnerability was made public on March 30th by a security developer without informing the then current 60,000 plugin users about it. This remains the biggest cause of The Yuzo plugin exploit till now. It armed the attackers with the free of cost vulnerability while costing the users their websites. The Yuzo Related Plugin was then, promptly removed from the WordPress plugins directory to discourage any new installations. However, the already installed versions weren’t still patched. Thus, giving the attackers a free pass to enter and exploit further on their will.

WordPress website redirects to spammy pages? Drop us a message on the chat widget, and we’d be happy to help you. Fix my WordPress website now.

I tried seeing the full description of The Yuzo on WordPress after the exploit and got this result instead:

WordPress Plugins

Secondly, it turned out that is_admin() code was at the bottom of the mess. The incorrect usage of is_admin() by the developers in the following lines allowed the attackers to insert JavaScript and other malicious codes into the plugins settings.

The wrong use of is_admin() is depicted below:

Further, to execute their plan attackers inserted the following codes into the file yuzo_related_post_css_and_style. And, as a result, it redirected the websites to spammy sites when visited.

Related Article : WordPress Redirect Hack

The malicious code

Related article: How to Clean & Fix WordPress eval (base64_decode) PHP Hack

On deobfuscating the above code, we get the following code which is much easily differentiable.

Deobfuscated code

Watch this video for having this information in a nutshell.

The Yuzo Plugin Exploit- Conclusion

Now that the details of the yuzo plugin exploit are made obvious, you can take protective measures such as uninstalling the plugin, updating the themes and Resetting sensitive passwords as the next best step. Also, be warned in the future of these mistakes.

In case, you need help to clean the present infection you can always consult Astra for professional help. Our Malware scanner scans and removes malware in less than 15 minutes. We also provide VAPT (Vulnerability Assessment and Penetration Testing) in which our engineers ensure that there is no vulnerability left on your website.

Now, you can start protecting your website with Astra’s Malware Scanner starting at just $19/month.

Take an Astra demo now!

Firewall working
How Astra Web Application Firewall protects you WordPress website

Was this post helpful?



Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Aakanchha Keshri

Aakanchha is a tech & cybersecurity enthusiast. She is an active reader and writer of the cybersecurity genre.

2 Comments

  1. Thanks a ton. My website too redirecting to some other sites sue to Yuzo related post.

    I searched solution for more than 2 hours in different platforms and finally found this.

    After deactivating the plugin, site started working fine.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close