Woke up this morning to find one of my most important WordPress blogs was redirecting affiliate links to malware. After various attempts at a quick fix, I did a Google search and discovered that it was a recent mass hack of the Yuzo Related Posts plugin. Some twat 'security researcher' had discovered a vulnerability in the plugin and then published the code online instead of informing the makers of the plugin.
I know a lot of you with WordPress blogs will be using that plugin. Apparently 60,000 have been affected already. Anyway, removing the plugin seems to have worked, although the patched-up version of it still isn't available and there doesn't seem to be any decent alternative listed in the WP library (YARPP isn't showing in the WP plugin library - maybe they are waiting to see if that shared the same vulnerability?).
https://www.zdnet.com/article/mailgu...rdpress-sites/