That is exactly the case with a number of unfortunate webmasters who had their WordPress websites hacked (malicious WordPress redirects) because of a vulnerability in the plugin, which has an install base of more than 30,000 websites, according to HERE, here and Here. As explained by researchers from Wordfence: Although 30,000 sites is certainly not negligible, the more worrying thing about this vulnerability is that, according to the research team from Wordfence, the attackers are the same threat actor behind a wider campaign. As per the Wordfence report: “We’re once again seeing commonalities between these exploit attempts and attacks on recently disclosed vulnerabilities in the Social Warfare, Easy WP SMTP and Yuzo Related Posts plugins. The plugin automatically raises the privileges of logged-in users to those of an administrator for the ‘rest of the request,’ enabling unauthenticated users to perform actions usually reserved only for site administrators when the parameter is set. A bug in a Yellow Pencil Visual Theme Customizer file enables the attack, and this is due to the fact that the yp_remote_get_first() function checks whether the yp_remote_get request parameter is set on each page load. We are confident that all four attack campaigns are the work of the same threat actor.” Exploits so far are using a malicious script hosted on a domain, hellofromhony[.]com, which resolves to 176.123.9[.]53. More to the point, malicious actors can potentially change both the site and home URL with an unauthenticated SQL injection after successfully exploiting the vulnerability. That IP address was used in the other attacks mentioned.
yp_remote_get_first() function
Fix available for download
We fixed the vulnerability in version 7.2.0. An update button will appear on your WordPress dashboard; click the “Update” button to update to the latest version. Please follow these steps to update the plugin manually: Second Method: These websites are affected by a security issue in the company’s visual tool, and there are two methods for fixing them. This is the safe and quick method. If you don’t see the update button there, delete the plugin and update the plugin manually. The team behind the Yellow Pencil Visual Theme Customizer plugin has now patched the problem and provided a download link for the patch. First Method: Restore the WordPress database from backup. WaspThemes, the developer of the plugin, also said there are some “WordPress websites that are affected by a hack attack.” Please contact your server provider; they will help you to back up your database. We are so sorry.