Tech Heads Up - Wordpress Plugin YUZE Related Posts Hacked - GoFuckYourself.com

cordoba · 04-16-2019, 03:27 AM

Woke up this morning to find one of my most important wordpress blogs was redirecting affiliate links to malware. After various attempts at a quick fix I did a Google search and discovered that it was a recent mass hack of the YUZE related posts plugin. Some twat 'security researcher' had discovered a vulnerability in the plugin and then published the code online instead of informing the makers of the plugin.

I know a lot of you with wordpress blogs will be using that plugin. Apparently 60,000 have been affected already. Anyway, removing the plugin seems to have worked, although the patched up version of it still isn't available and there doesn't seem to be any decent alternative listed in the WP library (YARPP isn't showing in the WP plugin library - maybe they are waiting to see if that shared the same vulnerability?).

https://www.zdnet.com/article/mailgu...rdpress-sites/

blackmonsters · 04-16-2019, 06:37 AM

Thanks for letting everyone know.
You are doing what this site was made for and there are plenty of webmasters here who
appreciate you taking the time to post and inform us about this.

babeterminal · 04-16-2019, 08:20 AM

is it this one ? i was using this a few months back its not showing up on wordpress

yet-another-related-posts-plugin.4.4

j3rkules · 04-16-2019, 11:09 AM

Now it's also Social Warfare and Easy WP SMTP.

04-16-2019, 03:27 AM	#1
cordoba Confirmed User Join Date: Feb 2010 Posts: 1,053	Heads Up - Wordpress Plugin YUZE Related Posts Hacked Woke up this morning to find one of my most important wordpress blogs was redirecting affiliate links to malware. After various attempts at a quick fix I did a Google search and discovered that it was a recent mass hack of the YUZE related posts plugin. Some twat 'security researcher' had discovered a vulnerability in the plugin and then published the code online instead of informing the makers of the plugin. I know a lot of you with wordpress blogs will be using that plugin. Apparently 60,000 have been affected already. Anyway, removing the plugin seems to have worked, although the patched up version of it still isn't available and there doesn't seem to be any decent alternative listed in the WP library (YARPP isn't showing in the WP plugin library - maybe they are waiting to see if that shared the same vulnerability?). https://www.zdnet.com/article/mailgu...rdpress-sites/

04-16-2019, 06:37 AM	#2
blackmonsters Making PHP work Industry Role: Join Date: Nov 2002 Location: 🌎🌅🌈🌇 Posts: 19,973	Thanks for letting everyone know. You are doing what this site was made for and there are plenty of webmasters here who appreciate you taking the time to post and inform us about this. __________________ Camsoda pays : Become a Cam Model or Sign up as a Webmaster

04-16-2019, 08:20 AM	#3
babeterminal Confirmed User Industry Role: Join Date: Jul 2010 Location: tits Posts: 2,751	is it this one ? i was using this a few months back its not showing up on wordpress yet-another-related-posts-plugin.4.4 __________________ SIG SPOT SEND MESSAGE IF INTERESTED

04-16-2019, 11:09 AM	#4
j3rkules VIP Industry Role: Join Date: Jul 2013 Posts: 22,104	Now it's also Social Warfare and Easy WP SMTP. __________________ How To Build A Porn Site And Make Money \| My Best $$$ Cam Sponsor 3 Top Adult Hosting Providers