Security for everyone

CVE-2019-11869 Scanner

Detects the cross-site scripting (XSS) vulnerability in the Yuzo Related Posts plugin for WordPress, which affects v. 5.12.94.


Short Info

Level: Medium

Type: Single Scan

Can be used by: Asset Owner

Estimated Time: 15 sec

Scan only one: Domain, IPv4

Parent Category

CVE-2019-11869 Scanner Detail

The Yuzo Related Posts plugin is a popular WordPress plugin that helps website owners display related posts to their visitors. With over 60,000 active installations, this plugin is widely used to improve user engagement by suggesting related content to readers. Typically, website owners use this plugin to keep visitors engaged with their website content and drive traffic to their pages.

However, the Yuzo Related Posts plugin was recently found to have a serious security vulnerability, tracked as CVE-2019-11869. The vulnerability arises because the plugin calls the is_admin() function and mistakenly assumes that a true result means the request comes from an administrative user. In fact, is_admin() only checks whether the requested page is an admin page; it does not verify that the requester is logged in or holds administrative privileges. This leaves the plugin open to cross-site scripting (XSS) attacks.

When an attacker exploits this vulnerability, they can inject malicious code into the plugin settings. This malicious code will then be executed whenever a user accesses the settings page, potentially allowing the attacker to compromise user data or even take over the website. A successful exploit also exposes the website to further attacks.
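The check described above, as an added example that is not the plugin's own code: a hypothetical settings handler that trusts is_admin(), next to a hardened version that verifies capability and nonce, sanitizes on save and escapes on output. All `demo_*` function, option and field names are assumptions made for illustration.

```php
<?php
// Hypothetical plugin code for illustration; every demo_* name is made up.
const DEMO_OPTION       = 'demo_related_posts_options';
const DEMO_NONCE_ACTION = 'demo_related_posts_save';

// Weak pattern (not hooked here): is_admin() is true for any request to an
// admin-area URL, logged in or not, so it is not an authorization check.
function demo_save_settings_weak() {
    if ( is_admin() && isset( $_POST['demo_title'] ) ) {
        update_option( DEMO_OPTION, array( 'title' => $_POST['demo_title'] ) );
    }
}

// Hardened pattern: check who is asking, check intent, then sanitize.
function demo_save_settings() {
    if ( ! isset( $_POST['demo_title'] ) ) {
        return;
    }
    // Authorization: the current user must be allowed to manage options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF protection: dies if the nonce is missing or invalid.
    check_admin_referer( DEMO_NONCE_ACTION );
    // Store plain text only; tags are stripped before the value is saved.
    $title = sanitize_text_field( wp_unslash( $_POST['demo_title'] ) );
    update_option( DEMO_OPTION, array( 'title' => $title ) );
}
add_action( 'admin_init', 'demo_save_settings' );

// Output side: escape for the HTML attribute context even though the value
// was sanitized on save, so older stored values cannot break out of it.
function demo_render_settings_form() {
    $options = get_option( DEMO_OPTION, array() );
    $title   = isset( $options['title'] ) ? $options['title'] : '';
    echo '<form method="post">';
    wp_nonce_field( DEMO_NONCE_ACTION );
    printf( '<input type="text" name="demo_title" value="%s" />', esc_attr( $title ) );
    echo '<button type="submit">Save</button></form>';
}
```

When reviewing a plugin for this class of bug, look for state-changing code guarded only by is_admin() with no current_user_can() or nonce check nearby.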

In conclusion, the Yuzo Related Posts plugin for WordPress is a popular tool for improving user engagement on websites that can be vulnerable to cyber attacks. It's important for website owners to stay vigilant and take appropriate measures to keep their websites safe. By using a reliable security tool like securityforeveryone.com, website owners can stay updated on the latest vulnerabilities and take immediate action to protect their digital assets.

 
