
The Yuzo Related Posts Plugin Exploit in WordPress

Updated on: May 2, 2022

Attacks and vulnerability disclosures in WordPress do not seem to stop just yet. Another fresh exploit in one of the popular WordPress plugins, The Yuzo Related Posts, is making headlines after it was reported that an XSS (cross-site scripting) vulnerability has been targeted by attackers to redirect users to malicious sites.


Moreover, the Yuzo Related Posts plugin is currently installed on 60,000+ sites, according to data on WordPress. Numerous instructions regarding the WordPress redirect exploit have been issued on WordPress since then. Some instructions clearly suggest uninstalling the plugin as quickly as possible in order to limit the damage and protect yourself.

The Yuzo Plugin Exploit complaints on WordPress forum

The Yuzo Plugin Exploit: The Code Behind It

Firstly, the vulnerability was made public on March 30th by a security developer without informing the then-current 60,000 plugin users about it. This remains the biggest cause of the Yuzo plugin exploit to date: it handed attackers the vulnerability free of cost while costing users their websites. The Yuzo Related Posts plugin was then promptly removed from the WordPress plugins directory to discourage any new installations. However, the already installed versions were still not patched, giving attackers a free pass to enter and exploit further at will.


I tried to view the full description of The Yuzo on WordPress after the exploit and got this result instead:

WordPress Plugins

Secondly, it turned out that the is_admin() check was at the root of the mess. The incorrect use of is_admin() by the developers in the following lines allowed attackers to insert JavaScript and other malicious code into the plugin's settings. is_admin() only tells you whether the current request is for an admin-area URL; it says nothing about whether the requester is logged in or has administrator rights, so on its own it is not an authorization check.

The wrong use of is_admin() is depicted below:

screenshot of wrong use of is_admin()
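As an added illustration (not the plugin's own code, and using hypothetical option and field names), here is the insecure settings-save pattern beside a hardened handler that checks the user's capability, verifies a nonce, and sanitises the value before storing and printing it:

```php
<?php
// Added illustration, not the plugin's code. Option and field names
// (example_custom_css, example_nonce, example_save_styles) are hypothetical.
//
// is_admin() answers "is this an admin-area request?", not "is this user an
// administrator". Unauthenticated visitors can reach admin-side entry points
// such as /wp-admin/admin-post.php, so a handler gated only by is_admin()
// also runs for them.

// INSECURE pattern: is_admin() is the only gate; no capability check,
// no nonce, and the raw POST value is persisted as-is.
function example_insecure_save_styles() {
    if ( is_admin() && isset( $_POST['example_custom_css'] ) ) {
        update_option( 'example_custom_css', $_POST['example_custom_css'] );
    }
}

// HARDENED pattern: require a logged-in user with manage_options, a valid
// nonce for this specific action, and strip tags before storing.
// The settings form must emit the matching nonce with
// wp_nonce_field( 'example_save_styles', 'example_nonce' ).
function example_hardened_save_styles() {
    if ( ! is_admin() || ! isset( $_POST['example_custom_css'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'example_save_styles', 'example_nonce' );

    // sanitize_textarea_field() strips all tags, so <script> cannot be stored.
    $css = sanitize_textarea_field( wp_unslash( $_POST['example_custom_css'] ) );
    update_option( 'example_custom_css', $css );
}
add_action( 'admin_init', 'example_hardened_save_styles' );

// Output side: strip tags again when rendering so a value that reached the
// option by another route still cannot close the <style> element or add
// script. Inside CSS, plain escaping (esc_html) would break selectors like '>'.
function example_print_styles() {
    $css = get_option( 'example_custom_css', '' );
    if ( '' !== $css ) {
        echo '<style>' . wp_strip_all_tags( $css ) . "</style>\n";
    }
}
add_action( 'wp_head', 'example_print_styles' );
```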

Further, to execute their plan, attackers inserted the following code into the file yuzo_related_post_css_and_style. As a result, it redirected the websites to spammy sites when visited.


The malicious code


On deobfuscating the above code, we get the following code, which is much easier to read.

Deobfuscated code


The Yuzo Plugin Exploit: Conclusion

Now that the details of the Yuzo plugin exploit are clear, you can take protective measures such as uninstalling the plugin, updating the themes and resetting sensitive passwords as the next best step. Also, be wary of these mistakes in the future.

In case you need help to clean the present infection, you can always consult Astra for professional help. Our malware scanner scans and removes malware in less than 15 minutes. We also provide VAPT (Vulnerability Assessment and Penetration Testing), in which our engineers ensure that there is no vulnerability left on your website.

Now, you can start protecting your website with Astra’s Malware Scanner starting at just $19/month.


Aakanchha Keshri

Aakanchha is a technical writer and a cybersecurity enthusiast. She is an avid reader, researcher, and an active contributor to our blog and the cybersecurity genre in general. To date, she has written over 200 blogs for more than 60 domains on topics ranging from technical to promotional. When she is not writing or researching she revels in a game or two of CS: GO.
Vignesh
5 years ago

Thanks a ton. My website too was redirecting to some other sites due to Yuzo Related Post.

I searched for a solution for more than 2 hours on different platforms and finally found this.

After deactivating the plugin, the site started working fine.
