WordPress Plugin vulnerabilities – Rich Reviews and GiveWP.

Last updated Jun 14, 2020 at 11:36AM | Published on Oct 16, 2019 | Web Hosting News, WordPress News

If you installed any of these two WordPress Plugins:

• GiveWP
• Rich Reviews

.

Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.

If you are unsure how to do this, please contact our support team for help.

In addition, if you are using one of those two plugins, have HelpingHost.com support review your WordPress site to make sure no backdoors or users were installed.

WordPress Plugin – Yuzo Related Posts – is vulnerable to malware.

Last updated Jun 14, 2020 at 11:36AM | Published on Apr 12, 2019 | Web Hosting News, WordPress News

If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.

We are starting to see customer websites that are using the plugin being redirected to malware websites.

There is currently NO PATCH available. Which means you HAVE TO remove the plugin.

Without going into to much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn inserts code into the options of this plugin. That code currently seems to be javascript code that performs the various redirects to malware.

We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.

If you have any questions or need help, please contact our support team as usual.