Important Vulnerability on Advanced Custom Fields Plugin for WordPress

 

The new week started with a new campaign trying to widely use the Arbitrary File Upload vulnerability in the Simple File List plugin for WordPress.

Recently, we got a few support requests related to the usage of Imunify360 with Cloudflare. We’d like to explain the root cause and provide you with a workaround.

The issue was looking like an inability to pass the Captcha causing an endless loop. Further investigation revealed an issue caused by custom cache settings in the Cloudflare control panel.

This article wants to inform you about the changes in the next Imunify360 and ImunifyAV versions regarding file quarantining in the Malware Scanner. Explore the new features of Linux malware scanner for web servers below.

 

The high severity vulnerability in Post Grid WordPress plugin that appeared in public resources is suspected to be the cause of attackers’ interest to exploit the affected systems.

The discovered vulnerability allows an attacker to forge the template with further inclusion of its code to the application's backend with the ability to perform malicious actions involving privileged users. This could end up with a stolen administrator session or malware injection.

Frequently during an investigation of malicious activity, we face infections that spread through the attack vector that could not be covered by plain WAF rule. For instance, it is possible when

• • a user uploads the “nulled” theme or plugin from an untrusted source which already has malware and could append injection to the application’s core files after installation, or
  • the attacker gains access to the server with a stolen FTP, SSH, cPanel, WHM password. Read our new article with best practices on how to stay on top of cpanel security.

On Wednesday, 2 September, the Imunify360 Web Protection Team detected a significant rise in blocked malware that day. Most of the malware was located in the /wp-file-manager/lib/files/ directory path.

When we investigated, we determined that there was a critical vulnerability in the File Manager plugin for WordPress, and that this vulnerability affected a variety of applications.

As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Malicious Checker from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

 

Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.

Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million

At 11 am EST on Friday 14 August, we’ll be conducting a live webinar on the new features and updates of Imunify360. Sign up and join the conversation on what’s new with our automated server protection suite. The webinar recording is available here.

 

Prior to version 4.9, Imunify360 used embedded reCAPTCHA keys to show Google reCAPTCHA challenge for greylisted IP addresses and did not require any settings for captcha challenge. Starting from v4.9, Imunify360 admins can specify their own reCAPTCHA keys for the server.

In this article, you can find a step by step guide on how to set up a custom site and secret keys for your Imunify360 server.