Important Vulnerability on Advanced Custom Fields Plugin for WordPress

The Web Application Firewall (WAF) is one of the key elements of Imunify’s web server protection system. It contains hundreds of rules to protect against all known (and some as-yet unknown) vulnerabilities. 

Our rule-intensive WAF provides excellent protection, but it does have potential drawbacks. The more rules are included, the more resources Imunify can consume, and the slower the server can get. Also, including more rules can increase the number of false positives, or erroneously identified “threats.” 

Over a typical 3-month span, the average server has around 1500 kinds of malware injected into its files. Lately, a great many of these injections have been occurring in WordPress installations. What should you do when malicious code is injected into WordPress files? 

bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability. 

How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

8 Jun, 2020 new Black Hashes DB for Imunify products were released.

Release details:

       UUID: 0d09db4d-8610-4a74-b026-1934bb1e9854

       Date: 2020-06-08 

By this update legitimate WordPress file wp-blog-header.php was rated as malicious with verdict SMW-BLKH-46666-auto which caused False Positive alerts.

What are the issues?

In some cases, users of Imunify360 v4.7 can experience issues with IMAP authorization performance. These issues are related to the amount of UDP traffic produced when Imunify360 protects a server against brute force mail attacks. 

Web spam, phishing links, commercial comments, and other unwelcome additions to web pages is a big headache for many webmasters and blog owners. It seems to flow unceasingly to site users, and countermeasures such as comment approval, registration confirmation, and CAPTCHAs are inconvenient for admins and users alike.