Email automation and delivery service Mailgun was one of the many companies hacked as part of a massive coordinated attack against WordPress sites. The attacks exploited an unpatched cross-site scripting (XSS) vulnerability in a WordPress plugin named Yuzo Related Posts. The vulnerability allowed hackers to inject code into vulnerable sites, which they later used to redirect incoming visitors to all sorts of nasties, such as tech support scams, sites peddling malware-laced software updates, or plain ol’ spammy pages showing ads.
Source: ZDNet