Inside a Fake WordPress Plugin: How "WP Content Optimizer" Takes Over a Site
During a routine review of Proactive Defense events, our security team noticed widespread activity from what appeared to be a WordPress optimization plugin called "WP Content Optimizer." The plugin header claimed version 3.0.2, authored by "Developer Tools Team," providing "advanced content delivery optimization and site health monitoring."
None of that was true. The plugin is a sophisticated backdoor packed into roughly 1,100 lines of PHP. It creates a hidden administrator account, makes itself invisible, removes security plugins, fights off competing malware, persists through deletion attempts, and delivers encrypted JavaScript payloads fetched from a Binance Smart Chain smart contract.
This post walks through the malware step by step: what it does, how it works, and why it makes the choices it does. We're publishing the full Indicators of Compromise so defenders can check their own environments.

High severity vulnerabilities in Piotnet Forms Free/Pro and Piotnet Addons For Elementor Pro Plugins

Recently, the Imunify360 team discovered high severity vulnerabilities in Piotnet Forms Free/Pro and Piotnet Addons for Elementor Pro Plugins. Sergey Brazhnik, Security Analyst from the Imunify360 Web Protection Team, conducted a detailed analysis of the Piotnet forms and addons vulnerabilities. Keep on reading to find out more about the following:

Neutralizing Malware From The WPNull24 Site

The Imunify security team has identified a security threat: a website, wpnull24.com, that provides WordPress themes infected with malware. This site offers “nulled” themes, or paid-for themes that have been modified so they can be downloaded for free.
The themes provided free of charge at wpnull24.com are particularly dangerous because installing one of them infects all of a site’s themes, plugins, and core WordPress files with malware. Once a site is infected, it can be used for black-hat SEO, phishing, and sending spam. Access to an infected site can also be sold to other cyber-criminals.

