The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if the attacker is able to identify the vulnerability and begin exploiting it.

yuzo-related-post Plugin

That is the case for the plugin yuzo-related-post version 5.12.91, which was closed on March 30th so that new users could not download it. But the last time we checked, it still had 60,000+ active installations.

Addition to an Existing Malicious Campaign

We recently wrote about how attackers abused multiple plugins by injecting malicious scripts into them. As we can see from the originating IP address, this malware campaign has added the yuzo-related-post plugin to its list of targets.

Vulnerability Details

Specifically, the yuzo-related-post plugin has an unauthenticated cross-site scripting bug. Other vulnerabilities also remain unfixed, which was the deciding factor in the WordPress team closing it.