hosting company says related posts vulnerability causing hack and admin add

  • Hi there,

    First, WordPress and themes and plugins are all updated as updates come out. Nothing is out of date.

    My site got hacked. My hosting company said that there were no infected files. However, they said that the site was compromised through Yuzo Related Posts plugin. The plugin has been very helpful, and I hate to deactivate and delete it, but I don’t want to take any chances.

    I see that there was another person who described a security vulnerability about a month ago. Any chance of reviewing to update/correct as needed if there is a problem? I’d love to continue using the plugin, if possible.

    The problem:
    1. A user was added to my users with administrator role: wordpressupdate@yandex.com

    2. When I clicked on a link, I got redirected to spam sites/sites prompting users to download what appeared to be malicious code.

    Example (spam/malicious link – DO NOT GO THERE):
    https://REDACTED//retdf/dbfg/?utm_source=444&utm_campaign=8285866&sid=21487&qs1=my+website+article+name.+%7C+my+website+name&clck=AMJW9VzvUwAA_AYCAFVTMwASAM1CFeAA

    Thank you,
    Eva

    • This topic was modified 1 year, 3 months ago by evarubin.
    • This topic was modified 1 year, 3 months ago by Steven Stern (sterndata).
  • We faced a similar issue, caused by the “Related Posts” plugin. I’d suggest deleting this plugin and cleaning up the mess.
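
As an added example (not part of the thread, and not the plugin's or WordPress's own code): a check for the first symptom reported above, an unexpected administrator account. It reads a CSV export of `wp_users` joined with each user's `wp_capabilities` row from `wp_usermeta` and lists administrators missing from an allowlist. The export layout, the allowlist, the baseline date and every sample row except the reported e-mail address are assumptions constructed for illustration.

```python
import csv
import io
import re
from datetime import datetime

# Constructed sample export (wp_users joined with the wp_capabilities meta row).
# Only the yandex.com address comes from the thread; everything else is made up.
SAMPLE_EXPORT = '''ID,user_login,user_email,user_registered,capabilities
1,siteowner,owner@example.org,2015-03-02 10:11:12,"a:1:{s:13:""administrator"";b:1;}"
7,editor1,editor@example.org,2017-06-20 08:00:00,"a:1:{s:6:""editor"";b:1;}"
42,wpupdate,wordpressupdate@yandex.com,2019-04-10 03:14:15,"a:1:{s:13:""administrator"";b:1;}"
43,former,former@example.org,2016-01-01 00:00:00,"a:1:{s:13:""administrator"";b:0;}"
'''

KNOWN_ADMINS = {"owner@example.org"}  # hypothetical allowlist kept by the site owner
BASELINE = datetime(2019, 1, 1)       # hypothetical last known-good review date

# One role entry inside the PHP-serialized array: s:<len>:"<role>";b:<0|1>;
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:([01]);')


def granted_roles(serialized):
    """Return the role names set to true in a serialized wp_capabilities value."""
    return {name for name, flag in ROLE_RE.findall(serialized) if flag == "1"}


def audit_admins(export_text, known_admins, baseline):
    """List administrator accounts that are not allowlisted, with reasons."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if "administrator" not in granted_roles(row["capabilities"]):
            continue  # not an active administrator
        email = row["user_email"].strip().lower()
        if email in known_admins:
            continue
        reasons = ["not in allowlist"]
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered > baseline:
            reasons.append("registered after baseline")
        findings.append((int(row["ID"]), row["user_login"], email, reasons))
    return findings


if __name__ == "__main__":
    for finding in audit_admins(SAMPLE_EXPORT, KNOWN_ADMINS, BASELINE):
        print(finding)
```
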

  • The topic ‘hosting company says related posts vulnerability causing hack and admin add’ is closed to new replies.