The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.

However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if the attacker is able to identify the vulnerability and begin exploiting it.

yuzo-related-post Plugin

That’s the case for the plugin yuzo-related-post version 5.12.91 that was closed on March 30th so that new users couldn’t download it.

Continue reading Attacks on Closed WordPress Plugins at Sucuri Blog.

Via Sucuri.net