So today I loaded my website, and while it was loading I noticed that it wasn’t actually loading my starting page but was trying to redirect me to hellofromhony.com. Clearly something was wrong, so using Burp Suite I followed the order of events to understand when the redirection happened.

Suspicious request on #68

It is visible that something was wrong with the Yuzo plugin, since it was suddenly replying with 404. After some Googling, multiple results from the last 24 hours came up saying that there is an issue with the plugin and that some people are exploiting it to redirect visitors to spam websites.

Wordfence has an in-depth explanation of what the issue is in this case. I will leave the link to the post at the end of this page.

How to fix the redirect

My first thought was to uninstall it directly from the WordPress plugins page, but it wasn’t there, meaning that it needed to be done through cPanel. After logging in, I went to the database of my WordPress instance and looked in the wp_options table for a reference to Yuzo. Since the XSS vulnerability is located inside the style page, I deleted the yuzo_related_post_options record.

This stopped the redirect and finally the starting page loaded again.
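The cleanup described above, written out as queries for the database console (an added example, not part of the original post). It assumes MySQL/MariaDB and the default `wp_` table prefix; the backup table name `yuzo_options_backup` is a hypothetical name chosen here.

```sql
-- Assumption: default table prefix "wp_"; adjust if your install uses another.

-- 1. Inspect the stored plugin settings before touching them.
SELECT option_id,
       option_name,
       autoload,
       CHAR_LENGTH(option_value)               AS value_len,
       option_value LIKE '%<script%'           AS has_script_tag,
       option_value LIKE '%hellofromhony%'     AS has_redirect_domain
FROM   wp_options
WHERE  option_name = 'yuzo_related_post_options';

-- 2. Keep a copy of the row as evidence (hypothetical backup table name).
CREATE TABLE yuzo_options_backup AS
SELECT *
FROM   wp_options
WHERE  option_name = 'yuzo_related_post_options';

-- 3. Remove the injected settings record.
DELETE FROM wp_options
WHERE  option_name = 'yuzo_related_post_options';

-- 4. Check whether any other option still carries a script tag or the
--    redirect domain. Legitimate options (e.g. analytics snippets) can
--    contain <script>, so review each hit manually instead of deleting blindly.
SELECT option_name,
       CHAR_LENGTH(option_value) AS value_len
FROM   wp_options
WHERE  option_value LIKE '%<script%'
   OR  option_value LIKE '%hellofromhony%';
```

Deleting the record only removes the stored payload; the plugin files themselves still need to be removed or updated so the option cannot be rewritten.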

References

Note: A Google search returns multiple websites with the plugin enabled. I believe even more people will be affected by this issue.
