C-Suite On Deck
Attacks on Closed WordPress Plugins
The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if an attacker is able to identify the vulnerability and begin exploiting it.

yuzo-related-post Plugin

That’s the case for the plugin yuzo-related-post version 5.12.91, which was closed on March 30th so that new users couldn’t download it. But the last time we checked, it had 60,000+ active installations.

Addition to an Existing Malicious Campaign

We recently wrote about how attackers abused multiple plugins by injecting malicious scripts into them. As we can see from the originating IP address, this malware campaign has added the yuzo-related-post plugin to its list of targets.

Vulnerability Details

Specifically, the yuzo-related-post plugin has an unauthenticated cross-site scripting bug. In addition, some other vulnerabilities have not been fixed; this was the deciding factor in why the WordPress team closed it.