Important Vulnerability on Advanced Custom Fields Plugin for WordPress

The Imunify security team has identified a security threat: a website, wpnull24.com, that provides WordPress themes infected with malware. This site offers “nulled” themes, or paid-for themes that have been modified so they can be downloaded for free. 

The themes provided free of charge at wpnull24.com are particularly dangerous, because installing one of them infects all of a site’s themes, plugins, and core WordPress files with malware. Once a site is infected, it can be used for black SEO, phishing, and sending spam as well. Access to an infected site can also be sold to other cyber-criminals. 

We’re pleased to announce that a new beta version of Imunify360 is now available. This new Imunify360 v.4.9.4 beta release includes the following changes.

The Web Application Firewall (WAF) is one of the key elements of Imunify’s web server protection system. It contains hundreds of rules to protect against all known (and some as-yet unknown) vulnerabilities. 

Our rule-intensive WAF provides excellent protection, but it does have potential drawbacks. The more rules are included, the more resources Imunify can consume, and the slower the server can get. Also, including more rules can increase the number of false positives, or erroneously identified “threats.” 

Over a typical 3-month span, the average server has around 1500 kinds of malware injected into its files. Lately, a great many of these injections have been occurring in WordPress installations. What should you do when malicious code is injected into WordPress files? 

bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability. 

How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.