Important Vulnerability on Advanced Custom Fields Plugin for WordPress

We are issuing this security advisory regarding a vulnerability discovered in the AI-Bolit component of Imunify products. A patch for this vulnerability was released on October 23, 2025, and has already been automatically deployed to the vast majority of servers.

We are pleased to announce the launch of the CloudLinux Network (CLN) API v2. This is a significant step forward in our mission to provide powerful, modern tools that help you automate license and server management, streamline your workflows, and integrate Imunify products directly into your environment.

WordPress now powers more than half of the web, making it the world’s most popular CMS by a country mile. That dominance has fueled the growth of WordPress-managed hosting, as it’s built to handle performance, updates, and backups. It means businesses don’t have to have so much technical talent to manage their sites.

Here at Imunify, we're always monitoring web data at scale - and we've noticed a clear trend: legitimate AI bots, like those from Meta, Apple, OpenAI, and other reputable organizations, are increasingly behaving aggressively, excessively consuming server resources, and often ignoring instructions in files like robot.txt.

These sorts of issues caused by AI-powered bots can severely impact both website performance and resource efficiency.

To assist hosting providers and website owners in effectively managing these aggressive bots, we’ve created specialized ModSecurity rule sets designed to precisely and effectively block significant AI bot traffic for some of the most popular AI modules.

As many of you know, ConfigServer officially ceased all operations on August 31 2025, marking the end-of-life for its entire suite of products, including the widely-used ConfigServer Security & Firewall (CSF) service. So, what should you do next?

At CloudLinux, we are committed to ensuring our Imunify security suite stays ahead of the curve, providing you with comprehensive protection on the latest platforms.

Now, the Imunify product line now offers official, stable support for AlmaLinux 10.

Every server admin knows the feeling. You get a security alert for a critical website. Maybe it’s a high-traffic e-commerce store, a client’s site with years of content, or your own business hub - and now, it’s vulnerable.

 

When we launched the Imunify Security WordPress Plugin, our goal was clear: make security visible to site owners by showcasing the protection hosting providers deliver with Imunify360.

After rapidly reaching 50,000 installations, we are excited to share that over 260,000 WordPress websites now have the plugin installed and active.

And now, we're ready for V2.

Did you know that ImunifyAV, ImunifyAV+, and Imunify360 come with powerful cloud-based malware detection?

We are writing to inform you about an important update to our software repository for Ubuntu 24. We have replaced the PGP key used to sign our repository metadata.