Important Vulnerability on Advanced Custom Fields Plugin for WordPress

This week, the Imunify360 security team was informed of a new kind of attack, one that our customers told us caused these problems:

• Inoperable firewall
• High CPU resource consumption
• Log entries such as: im360.plugins.client360: Cannot connect the Server (imunify360.cloudlinux.com) [[Errno -2] Name or service not known]

When we investigated, we saw that these issues were caused by a SaltStack authorization bypass vulnerability (CVE References: CVE-2020-11651, CVE-2020-11652). This vulnerability enables remote command execution as root, on both the master and all minions that connect to it. It affects SaltStack Salt before 2019.2.4, and 3000 before 3000.2.

If you’re running Imunify360 on your servers, you should enable real-time scanning. Why and how should you do that? Find out below. 

WP-VCD is a hacking campaign that’s responsible for the vast majority of WordPress malware infections. It has launched massive campaigns that have been very effective. Conducted on weekends, when many security staff are off the job, its campaigns have infected around two million WordPress sites. 

We’re pleased to announce that a new version of Imunify360, an automated security solution for Linux servers, has been scheduled for gradual rollout from our production repository and will be available for all customers in about two weeks or less. If you’d like to get it earlier, see instruction at the end of the post.