WordPress Urges Users to Uninstall Yuzo Plugin After Flaw Exploited

[silversurfer]

A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
 
WordPress is urging users to uninstall the popular Yuzo Related Posts plugin after a flaw was discovered being exploited in the wild – putting tens of thousands of websites at risk.
 
Yuzo Related Posts, which enables WordPress websites to display “related posts” segments, is installed on over 60,000 websites. A cross-site scripting flaw was recently disclosed in the plugin that could be used to deface websites, redirect visitors to unsafe websites, or compromise WordPress administrator accounts, and more.
 
That vulnerability is now being exploited in the wild, warned Dan Moen with Wordfence in a Wednesday post: “The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild. These attacks appear to be linked to the same threat actor who targeted the recent Social Warfare and Easy WP SMTP vulnerabilities.”

SOURCE: https://threatpost.com/wordpress-urges-u...ed/143710/