Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Dear Customers,

We hope this message finds you well. We are writing to inform you of a recent issue with ImunifyEmail.

Dear Imunify Users,

We have an important update regarding the development of ImunifyAV, ImunifyAV+, and Imunify360 on CentOS 6 and CloudLinux OS 6.

We are thrilled to announce the official commercial launch of ImunifyEmail, the latest addition to our suite of cybersecurity solutions, scheduled for June 1st. 

Following its successful beta release in February 2022 and subsequent production launch in May 2023, ImunifyEmail has rapidly gained traction, demonstrating its effectiveness in safeguarding email communications for businesses worldwide.

On April 1st, Google will implement a new pricing model that will significantly reduce the free tier usage of reCAPTCHA and introduce new prices for the reCAPTCHA Enterprise service. Although reCAPTCHA offers decent bot protection, it is not without its flaws, yet remains quite effective. However, we at Imunify360 have decided to discontinue its use within our protection suite. This decision stems not solely from the new costs associated with its use, but more importantly, because we have developed our own bot protection technology, SplashScreen, which our recent research has shown to be as effective as Google’s reCAPTCHA.

UPD: WebShield 1.25.0 was first released to Beta on March 26 with included updates DEF-27382 PoC for the Get rid of reCaptcha epic/DEF-27508 Test&merge get rid of reCaptcha to master.
Starting from WebShield the 1.25.0 release, the Imunify360 JS challenge is used for the requests from the IPs that were graylisted.

Securing a server requires the right configurations, but securing a server that protects your data and all other customers hosted on the server is much more complex. Without the right tools, a hosting provider would need several technicians to handle customer tickets, analyze the problem, and remediate cybersecurity issues. Imunify360 monitors, stops, and remediates many common exploits, saving server administrators time and owners' money. In this article you will discover the following:

We designed a set of messages to report information about security threats that are dangerous for the server. Imunify uses cPanel contact manager to send notifications about those threats. We hope you will find them helpful. This feature can be managed through CLI. 

IMPORTANT: Upcoming Requirement for Configuration

In one month, a change will take effect for all users utilizing generic control panel integration.

The "[integration_scripts].panel_info" option, currently optional, will become mandatory. This requirement is exclusive to generic control panel users and does not apply to those on cPanel, Plesk, or DirectAdmin.

We ask you to prepare by populating this option with the appropriate script, as detailed in our documentation: Specifying Panel Information Documentation.

We’re pleased to announce the launch of a new Imunify360 feature called MyImunify, designed to help hosting companies generate revenue from their security services and give more flexibility with their hosting plans.