Important Vulnerability on Advanced Custom Fields Plugin for WordPress

On April 1st, Google will implement a new pricing model that will significantly reduce the free tier usage of reCAPTCHA and introduce new prices for the reCAPTCHA Enterprise service. Although reCAPTCHA offers decent bot protection, it is not without its flaws, yet remains quite effective. However, we at Imunify360 have decided to discontinue its use within our protection suite. This decision stems not solely from the new costs associated with its use, but more importantly, because we have developed our own bot protection technology, SplashScreen, which our recent research has shown to be as effective as Google’s reCAPTCHA.

UPD: WebShield 1.25.0 was first released to Beta on March 26 with included updates DEF-27382 PoC for the Get rid of reCaptcha epic/DEF-27508 Test&merge get rid of reCaptcha to master.
Starting from WebShield the 1.25.0 release, the Imunify360 JS challenge is used for the requests from the IPs that were graylisted.

Securing a server requires the right configurations, but securing a server that protects your data and all other customers hosted on the server is much more complex. Without the right tools, a hosting provider would need several technicians to handle customer tickets, analyze the problem, and remediate cybersecurity issues. Imunify360 monitors, stops, and remediates many common exploits, saving server administrators time and owners' money. In this article you will discover the following:

We designed a set of messages to report information about security threats that are dangerous for the server. Imunify uses cPanel contact manager to send notifications about those threats. We hope you will find them helpful. This feature can be managed through CLI. 

IMPORTANT: Upcoming Requirement for Configuration

In one month, a change will take effect for all users utilizing generic control panel integration.

The "[integration_scripts].panel_info" option, currently optional, will become mandatory. This requirement is exclusive to generic control panel users and does not apply to those on cPanel, Plesk, or DirectAdmin.

We ask you to prepare by populating this option with the appropriate script, as detailed in our documentation: Specifying Panel Information Documentation.

We’re pleased to announce the launch of a new Imunify360 feature called MyImunify, designed to help hosting companies generate revenue from their security services and give more flexibility with their hosting plans. 

Dear Imunify customers,
We would like to inform you about a recent security incident that may have affected the analytical data collected from your servers by the Imunify product (e.g., attacker IP addresses, captcha events, etc.). Your privacy and information security are our top priorities, and we deeply regret any inconvenience this may cause.