Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.

Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million

At 11 am EST on Friday 14 August, we’ll be conducting a live webinar on the new features and updates of Imunify360. Sign up and join the conversation on what’s new with our automated server protection suite. The webinar recording is available here.

Prior to version 4.9, Imunify360 used embedded reCAPTCHA keys to show Google reCAPTCHA challenge for greylisted IP addresses and did not require any settings for captcha challenge. Starting from v4.9, Imunify360 admins can specify their own reCAPTCHA keys for the server.

In this article, you can find a step by step guide on how to set up a custom site and secret keys for your Imunify360 server.

The Imunify security team recently detected a vulnerable plugin in the WordPress plugin directory. It’s called PressForward, and it’s used to manage editorial workflow. This free plugin included an iframe that could be used to send visitors to a malicious web page. 

The Imunify team identified the vulnerability in this plugin on the first of July, 2020. At the time it was discovered, the plugin was installed on 800+ websites, where it could be used to send visitors to phishing sites and conduct black SEO campaigns. The plugin’s change log indicates that it has been there for almost a year:

 

What are the issues?   

In rare cases, users of Imunify360, versions 4.9.2 and up, may experience issues with Webshield stability.

These issues are related to peculiarities of ip utility output, so servers having bondings with VLANs will not generate upstreams.conf. After the upgrade, attempting to restart Webshield leads to undetected interfaces, and Webshield refuses to start.