Important Vulnerability on Advanced Custom Fields Plugin for WordPress

The Web Application Firewall (WAF) is one of the key elements of Imunify’s web server protection system. It contains hundreds of rules to protect against all known (and some as-yet unknown) vulnerabilities. 

Our rule-intensive WAF provides excellent protection, but it does have potential drawbacks. The more rules are included, the more resources Imunify can consume, and the slower the server can get. Also, including more rules can increase the number of false positives, or erroneously identified “threats.” 

Over a typical 3-month span, the average server has around 1500 kinds of malware injected into its files. Lately, a great many of these injections have been occurring in WordPress installations. What should you do when malicious code is injected into WordPress files? 

bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability. 

How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

8 Jun, 2020 new Black Hashes DB for Imunify products were released.

Release details:

       UUID: 0d09db4d-8610-4a74-b026-1934bb1e9854

       Date: 2020-06-08 

By this update legitimate WordPress file wp-blog-header.php was rated as malicious with verdict SMW-BLKH-46666-auto which caused False Positive alerts.