Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Recently Imunify360 malware researchers received a couple of requests by the community to examine the “Quick Page/Post Redirect Plugin”. The plugin is widely used roughly in ~100k installations. This investigation will expose techniques used by plugins to inject ads passively into websites, in most of the cases the website’s owners do not even know or allow it. It will answer questions made by WordPress' broader community which didn’t have a chance to have proper feedback on forums.

One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks. Additionally, read our website hosting security and WordPress Security article and learn how to keep your website secure.

We are thrilled to announce that the Imunify Security team from CloudLinux will be attending CloudFest USA 2023 from May 31st to June 3rd in Austin, TX, USA. As the proud Gold Sponsor of this event, we're gearing up to connect with you and showcase our innovative solutions that keep the cloud safe and secure.