Important Vulnerability on Advanced Custom Fields Plugin for WordPress

As part of Imunify360’s proactive malware research activities, we recently identified that a plugin named Malicious Checker from WordPress repository, which can be used to identify malware in web servers, indeed had active malware inside one of the plugin’s source files. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

 

Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.

Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million

 

The Imunify security team recently detected a vulnerable plugin in the WordPress plugin directory. It’s called PressForward, and it’s used to manage editorial workflow. This free plugin included an iframe that could be used to send visitors to a malicious web page. 

The Imunify team identified the vulnerability in this plugin on the first of July, 2020. At the time it was discovered, the plugin was installed on 800+ websites, where it could be used to send visitors to phishing sites and conduct black SEO campaigns. The plugin’s change log indicates that it has been there for almost a year:

bbPress, a popular WordPress plugin, was recently found to contain a serious vulnerability. 

How should bbPress users address it? The best way is to update the plugin and install the latest version. But if they can’t or don’t do this, Imunify has them covered. Read below to find out how. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

At 11am EST on Friday 29 May, we’ll be conducting a live webinar on the new features and updates of Imunify360. Sign up and join the conversation on what’s new with our automated server protection suite.

The webinar recording is now available. You could watch it here.

 

Web sites running WordPress are like catnip for hackers. Among the millions of WordPress users are many with weak login credentials, which are exploited to launch malware campaigns. 

Many such campaigns have been launched recently, and we at Imunify360 have discovered another one. We first detected it on 13 April, and since then we’ve seen it blocked by Imunify over 300,000 times. In the past month, this campaign has compromised thousands of unprotected WordPress-based web sites. 

Let’s analyze this new WordPress malware campaign to see what makes it dangerous to web sites running WordPress. Additionally, check our WordPress Security Ultimate Guide for 2021 to learn more about WordPress Security.

Last week the Imunify360 Operations Team spotted some malware embedded in a WordPress plugin. On Thursday, they reported it to the WordPress Plugin Review Team, who closed that plugin the very next day. 

We’d like to share with you what our Operations Team saw, so you know more about how malicious plugins work, and how you can avoid them. Additionally, read our website hosting security article and learn how to keep your website secure in 2021.