Hackers are currently actively exploiting a vulnerability in the WordPress Yuzo Related Posts plugin, which has 60,000+ active installations.
The plugin was closed on March 30, 2019 and hackers are using an unauthenticated vulnerability to inject JavaScript code. The plugin support forum shows that many users have been hacked today.
If you are using our web application firewall for WordPress, NinjaFirewall WP Edition (free) and NinjaFirewall WP+ Edition (premium), you are protected against this vulnerability.
Hacked?
If you were hacked, delete the plugin (there is no update available right now), and remove it data from the database. You can also use our script to clean-it up:
<?php /* +=====================================================================+ | (c) NinTechNet - https://nintechnet.com/ | +=====================================================================+ | Script to clean-up Yuzo Related Posts hack | +=====================================================================+ | 1. Rename this file to "whatever.php". | | 2. Upload it into your WordPress root folder. | | 3. Go to http://YOUR WEBSITE/whatever.php | | 4. Delete it afterwards. | +=====================================================================+ */ header('Content-Type: text/plain'); if ( file_exists( __DIR__ . '/wp-config.php' ) ) { $wp_config = __DIR__ . '/wp-config.php'; } elseif ( file_exists( dirname( __DIR__ ) . '/wp-config.php' ) ) { $wp_config = dirname( __DIR__ ) . '/wp-config.php'; } else { die("Cannot find wp-config.php"); } require_once $wp_config; $yuzo = get_option( 'yuzo_related_post_options' ); if ( empty( $yuzo['yuzo_related_post_css_and_style'] ) ) { die("Nothing to delete!"); } $deleted = $yuzo['yuzo_related_post_css_and_style']; $yuzo['yuzo_related_post_css_and_style'] = ''; update_option( 'yuzo_related_post_options', $yuzo ); echo "Done. The following code was removed:\n\n$deleted\n"; // EOF
Stay informed about the latest vulnerabilities in WordPress plugins and themes: @nintechnet