So today I loaded my website and while it was loading, I noticed that it wasn’t actually loading my starting page but it tried to redirect me to
hellofromhony.com. Of course, it is visible that something was wrong, so using
Burp Suite I tried to follow the order of the events in order to understand when the redirection happened.
It is visible that there was something wrong with the Yuzo plugin, since suddenly it was replying with 404. After some Googling multiple results came from the last 24 hours telling that there is an issue with the plugin, and that some people are exploiting this issue to redirect people on spam websites.
Wordfence has an in depth explanation of what is the issue in this case. I will leave the link for the post at the end of this page.
How to fix the redirect
My first thought was to uninstall it from the plugins of WordPress directly, but it wasn’t there, meaning that it needs to be done through cpanel.
After logging in, I went to the Database of my WordPress instance and looked for the
wp-options trying to find a reference for
Since the XSS vulnerability is located inside the style page, I deleted the
This stopped the redirect and finally the starting page loaded again.
note A google search returns multiple website with the plugin enabled. I believe even more people will get affected by that issue.