. home.aspx



Mailgun Web Issues from WordPress Plugin Hack

April 12, 2019 / Kacy Zurkus

Email automation and delivery service Mailgun, announced that it has resolved a security incident that resulted from a massive coordinated attack against WordPress sites. “The mailgun.com webpage began issuing redirects to sites outside of our domain. We immediately launched an incident to determine the source of the redirects and determined that a plugin for WordPress was responsible for issuing the redirects. We've disabled the plugin responsible for this issue,” the security incident notice said. “Our applications including the Mailgun Dashboard, APIs, and customer data stored on our platform were not impacted by this issue.” In a massive attack on WordPress sites, bad actors exploited a cross-site scripting (XSS) vulnerability in the WordPress plugin called Yuzo Related Posts plugin to inject JavaScript, redirecting visitors to various malicious tech support scams, spam ad pages, malware software updates and more. While unfortunate, this is not new and w...