Important Vulnerability on Advanced Custom Fields Plugin for WordPress

What are the issues?

In some cases, users of Imunify360 v4.7 can experience issues with IMAP authorization performance. These issues are related to the amount of UDP traffic produced when Imunify360 protects a server against brute force mail attacks. 

Web spam, phishing links, commercial comments, and other unwelcome additions to web pages is a big headache for many webmasters and blog owners. It seems to flow unceasingly to site users, and countermeasures such as comment approval, registration confirmation, and CAPTCHAs are inconvenient for admins and users alike. 

This week, the Imunify360 security team was informed of a new kind of attack, one that our customers told us caused these problems:

• Inoperable firewall
• High CPU resource consumption
• Log entries such as: im360.plugins.client360: Cannot connect the Server (imunify360.cloudlinux.com) [[Errno -2] Name or service not known]

When we investigated, we saw that these issues were caused by a SaltStack authorization bypass vulnerability (CVE References: CVE-2020-11651, CVE-2020-11652). This vulnerability enables remote command execution as root, on both the master and all minions that connect to it. It affects SaltStack Salt before 2019.2.4, and 3000 before 3000.2.

If you’re running Imunify360 on your servers, you should enable real-time scanning. Why and how should you do that? Find out below. 

WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites.