Published on April 11th, 2019
Coordinated attacks on WordPress sites impacted Mailgun.
Email automation and delivery service Mailgun was
one of the many companies that have been hacked as part of a massive
coordinated attack against WordPress sites. The attacks exploited an
unpatched cross-site scripting (XSS) vulnerability
in a WordPress plugin named Yuzo Related Posts. The vulnerability
allowed hackers to inject code in vulnerable sites, which they later
used to redirect incoming visitors to all sorts of nasties, such as tech
support scams, sites peddling malware-laced software
updates, or plain ol’ spammy pages showing ads.