Imunify360 Blog

Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Written by Eric Ellis | May 10, 2023 4:04:30 PM


The vulnerability recently found by Patchstack researcher Rafie Muhammad in the "Advanced Custom Fields" plugin for WordPress is a stark reminder of how vulnerable websites can be to hackers. In this case, over two million users were at risk of cyberattacks due to a flaw, tracked as CVE-2023-30777, that allowed miscreants to inject malicious code into webpages and potentially hijack administrative accounts.

This vulnerability was discovered and reported to the vendor in February and, although it was time-sensitive, the related patch was released only a few days ago. Users of this plugin who have not already done so now have to update it to at least version 6.1.6 to avoid being attacked.
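One way to check a server for copies of the plugin older than 6.1.6, as an added example that is not from the original post or from Imunify360. It assumes the plugin sits in a directory named `advanced-custom-fields` (or `advanced-custom-fields-pro`) with main file `acf.php`; the sites built in `demo()` are constructed sample data.

```python
import os
import re
import tempfile

FIXED = (6, 1, 6)  # minimum safe version named in the post
# Assumption (not from the post): plugin directory slugs and main file name.
PLUGIN_DIRS = ("advanced-custom-fields", "advanced-custom-fields-pro")
MAIN_FILE = "acf.php"
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def parse_version(text):
    """Return the numeric version tuple from a plugin header comment, or None."""
    m = HEADER.search(text[:8192])  # WordPress reads headers from the first 8 KB
    nums = m and re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "5.12" to (5, 12, 0)

def audit(root):
    """Walk root and return (path, version, status) for every plugin copy found."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) in PLUGIN_DIRS and MAIN_FILE in filenames:
            path = os.path.join(dirpath, MAIN_FILE)
            with open(path, encoding="utf-8", errors="replace") as fh:
                ver = parse_version(fh.read(8192))
            if ver is None:
                status = "unknown"  # unreadable header: inspect by hand
            else:
                status = "ok" if ver >= FIXED else "update"
            results.append((path, ver, status))
            dirnames[:] = []  # do not descend into the plugin itself
    return sorted(results, key=lambda r: r[0])

def demo():
    """Build three constructed sites in a temp dir and audit them."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("a", "6.1.5"), ("b", "6.1.6"), ("c", "5.12")):
            d = os.path.join(root, site, "wp-content", "plugins", PLUGIN_DIRS[0])
            os.makedirs(d)
            with open(os.path.join(d, MAIN_FILE), "w") as fh:
                fh.write("<?php\n/**\n * Plugin Name: ACF\n * Version: %s\n */\n" % ver)
        return [(ver, status) for _, ver, status in audit(root)]

if __name__ == "__main__":
    print(demo())
```

On a real host, call `audit()` with the directory that holds the site document roots and update every entry reported as `update`.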


Imunify360 has a strong heuristic subsystem that uses machine learning algorithms and signature-based detection to identify and block malicious actors in real time. It also includes a WAF (Web Application Firewall); a Proactive Defense module that blocks scripts at runtime; advanced IPS/IDS mechanisms with their own PAM module, an innovative technology that blocks brute-force attacks at the service level while reducing false positives; OSSEC and its heuristic RBL, along with well-designed greylisting (WebShield/CAPTCHA); and a high-performance malware scanner that supports detection through Linux file-system kernel events. Working together, these components detect and mitigate complex cyber-attacks.

In the case of the Advanced Custom Fields vulnerability, Imunify360's WAF could have been used to block any attempts to exploit the vulnerability by filtering out malicious traffic before it reached the website. Its IDS/IPS could have also detected any attempts to exploit the vulnerability and prevented them from succeeding.

Furthermore, Imunify360's malware scanner could have helped to detect any malware that may have been injected into the website due to the vulnerability, ensuring that it is removed before it can cause any harm.

Imunify360 is a powerful security solution that can help protect websites and their users from various types of cyber attacks.

In the case of the Advanced Custom Fields vulnerability, Imunify360 could have been used to prevent the vulnerability from being exploited, ensuring that over two million users are protected from potential cyber attacks.
