Important Vulnerability on Advanced Custom Fields Plugin for WordPress

During a routine review of Proactive Defense events, our security team noticed widespread activity from what appeared to be a WordPress optimization plugin called "WP Content Optimizer." The plugin header claimed version 3.0.2, authored by "Developer Tools Team," providing "advanced content delivery optimization and site health monitoring."

None of that was true. The plugin is a sophisticated backdoor packed into roughly 1,100 lines of PHP. It creates a hidden administrator account, makes itself invisible, removes security plugins, fights off competing malware, persists through deletion attempts, and delivers encrypted JavaScript payloads fetched from a Binance Smart Chain smart contract.

This post walks through the malware step by step: what it does, how it works, and why it makes the choices it does. We're publishing the full Indicators of Compromise so defenders can check their own environments.

We’re excited to share a milestone we’re genuinely proud of: The Imunify Security WordPress Plugin has now surpassed 500,000 active installations.

We are excited to announce that CloudLinux will be participating in the upcoming WordPress Agency Summit 2024, a premier event for web developers, designers, freelancers, and agencies focused on building fast, dynamic WordPress sites. This online summit, hosted by Crocoblock, will run from September 27th to 29th and feature a variety of presentations, workshops, and panel discussions.

We are thrilled to announce that CloudLinux will be participating in WordCamp US 2024, taking place from September 17–20 at the Oregon Convention Center in Portland, Oregon. This premier event brings together WordPress enthusiasts, developers, and industry leaders from around the globe, and we’re excited to be part of it!

Recently Imunify360 malware researchers received a couple of requests by the community to examine the “Quick Page/Post Redirect Plugin”. The plugin is widely used roughly in ~100k installations. This investigation will expose techniques used by plugins to inject ads passively into websites, in most of the cases the website’s owners do not even know or allow it. It will answer questions made by WordPress' broader community which didn’t have a chance to have proper feedback on forums.

Attention WordPress enthusiasts! The much-anticipated WordCamp Phoenix 2024 is just around the corner, and it’s shaping up to be an event you won’t want to miss. Scheduled for February 9-10 at Phoenix College in Arizona, this event promises to be a melting pot of ideas, innovations, and insights in the world of WordPress.

One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks. Additionally, read our website hosting security and WordPress Security article and learn how to keep your website secure.

The WordPress content management system or (CMS) is one of the most popular web applications on the market. It’s estimated that WordPress powers almost 43% of the internet, up from 30% just a few years ago. The foundation for the content management system’s success is its convenience, simple installation, and vast theme and plugin community. WordPress can be used by someone who has very little knowledge of the ways a web application functions, but it comes at the expense of security. The article covers the following topics:

The recent cyber attack found by Patchstack researcher Rafie Muhammad on the "Advanced Custom Fields" plugin for WordPress is a stark reminder of how vulnerable websites can be to hackers. In this case, over two million users were at risk of cyberattacks due to a vulnerability (a flaw, tracked as CVE-2023-30777) that allowed miscreants to inject malicious code into webpages and potentially hijack administrative accounts.

As a website owner, you understand the importance of keeping your site secure from the constantly growing cyber threats that lurk in the digital realm. While WordPress security plugins can offer some protection, they often fall short when compared to full-system security software. In this blog post, we'll delve into the limitations of WordPress security plugins and explain what you should look for in a security solution.