Tag: advice

Imunify Security - Monthly Digest December 2020

Although the festive season begins in December, this month was a busy one for the Imunify Security team. Keep reading to find out more about the latest package updates and some tips on how to stay secure. Stay safe, and hopefully 2021 will bring you a lot of joy and pleasant moments!

What to do if your website is blacklisted

A hacker might not cause any noticeable damage when infiltrating your web server. You may not notice any change in performance or any loss of data.

But that doesn't mean everything is okay. A popular use of a compromised server is to distribute malware.

Malware is malicious software. It gets embedded into your website's pages and can infect any visitors to those sites.

Hackers do this by injecting malicious code into a database or into web page templates. Visitors get redirected to malicious sites, or inadvertently download trojans.

WebShield is back, issue fixed

Here we announced the issue related to WebShield in Imunify360. As a quick-fix measure, we disabled WebShield remotely for the customers. 

Temporary disabling WebShield in Imunify360

Recently, we’ve noticed an issue related to WebShield in Imunify360. You can recognize it as an infinite loading of the page for a website using Cloudflare. A few customers with more than 75K greylisted IPs might be affected.

A post-hack survival guide: cleaning your website after being hacked

Very often, web hosting administrators start to take security measures only after a website has been hacked. So, let us imagine the situation when ImunifyAV has been installed on such an infected server. All malware has been cleaned in one click, and all malicious activity has been stopped.

Vulnerability in Simple File List 5.4 exploited

The new week started with a new campaign attempting to exploit, on a wide scale, the Arbitrary File Upload vulnerability in the Simple File List plugin for WordPress.

Using Cloudflare “Cache Everything” with Imunify360

Recently, we got a few support requests related to the usage of Imunify360 with Cloudflare. We’d like to explain the root cause and provide you with a workaround.

The issue appeared as an inability to pass the CAPTCHA, causing an endless loop. Further investigation revealed that it was caused by custom cache settings in the Cloudflare control panel.

Malware scanner: File Quarantine is No Longer Effective

This article describes the changes to file quarantining in the Malware Scanner in the next Imunify360 and ImunifyAV versions. Explore the new features of the Linux malware scanner for web servers below.

Cross-Site Scripting vulnerability in Post Grid WordPress plugin

The high-severity vulnerability in the Post Grid WordPress plugin, which appeared in public resources, is suspected to be the reason for attackers' interest in exploiting the affected systems.

The discovered vulnerability allows an attacker to forge a template whose code is then included in the application's backend, where it can perform malicious actions involving privileged users. This could result in a stolen administrator session or malware injection.

Proactive Defense. It is time to enable it!

Frequently, during an investigation of malicious activity, we encounter infections that spread through an attack vector that a plain WAF rule cannot cover. For instance, this is possible when

    • a user uploads a “nulled” theme or plugin from an untrusted source that already contains malware and can append an injection to the application’s core files after installation, or
    • the attacker gains access to the server with a stolen FTP, SSH, cPanel, or WHM password. Read our new article with best practices on how to stay on top of cPanel security.
