6.3.12 has vulnerabilityPATCHSTACK:BD9D31151 | ww.wp.xz.cn

Resolved clip1492
(@clip1492)

1 year, 3 months ago

imunify360 has found this:

advanced-custom-fields version 6.3.12 has vulnerability(s): PATCHSTACK:BD9D311515BB184495B0975518D5B4E0

my server has been compromised with a full ecosystem of malware 3 hours after the email from cpanel / imunify. I got notified that unknown networks acceded to pure-ftp and cpanel, deploying a full ecosystem of malware to get control of the server. I am afraid that the full server needs to be deleted including other accounts, as the malware has gained privileges. Now the server is stopped.

I haven’t found info on search engines about this vulnerability, other than the imunify notification.
do you have guys any info about this issue? I will not use ACF without a vulnerability fix. And please, this is a real case I am dealing with.

Viewing 1 replies (of 1 total)

Plugin Support ACF Support
(@acfsupport)

1 year, 3 months ago

Hi @clip1492

Please reach out to support directly by submitting a ticket with those details. You can open a ticket from here https://www.advancedcustomfields.com/contact/

Kind regards,
Noah.

Viewing 1 replies (of 1 total)

The topic ‘6.3.12 has vulnerabilityPATCHSTACK:BD9D31151’ is closed to new replies.

1 reply
2 participants
Last reply from: ACF Support
Last activity: 1 year, 3 months ago
Status: resolved