Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Having a safe website to advertise and visit is one of the policies that website owners should adhere to when running ad campaigns with Google Ads. 'Compromise Website' is one of the policies that will cause an ads campaign on a website to be disapproved. This essentially means that the website has been hacked or compromised somehow, making it unsafe for users.

Recently Imunify360 malware researchers received a couple of requests by the community to examine the “Quick Page/Post Redirect Plugin”. The plugin is widely used roughly in ~100k installations. This investigation will expose techniques used by plugins to inject ads passively into websites, in most of the cases the website’s owners do not even know or allow it. It will answer questions made by WordPress' broader community which didn’t have a chance to have proper feedback on forums.

One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks. Additionally, read our website hosting security and WordPress Security article and learn how to keep your website secure.

We are thrilled to announce that the Imunify Security team from CloudLinux will be attending CloudFest USA 2023 from May 31st to June 3rd in Austin, TX, USA. As the proud Gold Sponsor of this event, we're gearing up to connect with you and showcase our innovative solutions that keep the cloud safe and secure.