WordPress YP Plug-in Vulnerability Actively Exploited

Last week a security researcher publicly posted a proof of concept (POC) highlighting how vulnerabilities in Yellow Pencil Visual Theme Customizer (YP) could be exploited. Unfortunately, Wordfence Security has reported a high volume of attempts to exploit the flaw before patches were made available. The most affected sites have two plug-ins in common, Yuzo Posts and YP, with an estimated 160,000 websites activelys using the YP plug-in. The vulnerability allows a threat actor to elevate privileges and change both the site and home URLs with a Structured Query Language (SQL) injection. At this time, the malicious script being used is hosted on the domain “hellofromhony[.]com,” and resolves to 176.123.9[.]53 that has been used in four other attacks by the same threat actor. This domain is redirecting traffic to malicious sites. The NJCCIC recommends users patch systems as updates become available.