The WPGateway WordPress plugin is under attack through a zero-day vulnerability. Security researchers warned today that WordPress sites are being actively targeted with exploits for a zero-day vulnerability in the WPGateway premium plugin.
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.
The WPGateway plugin is a premium plugin that allows users of the WPGateway cloud service to set up and manage WordPress sites from a single dashboard.
This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.
Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted.
“On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin,” reads the advisory published by Wordfence.
While Wordfence disclosed active exploitation of this security bug in the wild, it didn’t release additional information about these attacks or details about the vulnerability.
The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username “rangex”.
“If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” the advisory concludes.
Wordfence says it is withholding technical information about the vulnerability and the exploit to prevent further exploitation. Doing so will also likely allow more WPGateway customers to patch their installations before other attackers develop their own exploits and join the attacks.
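The administrator check the advisory recommends can be scripted. The sketch below is an added example, not code from Wordfence or WPGateway: it assumes the administrator list has been exported as JSON with WP-CLI's `wp user list`, and the allowlist of expected administrators and all sample accounts are constructed for illustration.

```python
import json

# Indicator of compromise named in the Wordfence advisory quoted on this page.
IOC_LOGIN = "rangex"

# Constructed sample: the JSON shape printed by
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=json
# The accounts and addresses below are invented for illustration.
SAMPLE_EXPORT = """[
  {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
   "user_registered": "2019-03-02 10:15:00"},
  {"ID": 7, "user_login": "RangeX", "user_email": "x@example.net",
   "user_registered": "2022-09-06 03:41:12"},
  {"ID": 9, "user_login": "support-tmp", "user_email": "tmp@example.org",
   "user_registered": "2022-09-07 22:05:48"}
]"""


def audit_admins(export_json, expected_admins):
    """Split administrator accounts into IoC matches and unvouched accounts.

    expected_admins is a hypothetical allowlist maintained by the site owner.
    """
    expected = {name.strip().lower() for name in expected_admins}
    ioc_hits, unexpected = [], []
    for user in json.loads(export_json):
        # Compare case-insensitively so a differently cased login is caught.
        login = str(user.get("user_login", "")).strip().lower()
        if login == IOC_LOGIN:
            ioc_hits.append(user)
        elif login not in expected:
            # Not the known indicator, but still an admin nobody vouches for.
            unexpected.append(user)
    return ioc_hits, unexpected


if __name__ == "__main__":
    hits, unknown = audit_admins(SAMPLE_EXPORT, expected_admins=["siteowner"])
    for u in hits:
        print(f"COMPROMISE INDICATOR: admin '{u['user_login']}' "
              f"(ID {u['ID']}), registered {u['user_registered']}")
    for u in unknown:
        print(f"REVIEW: unrecognized admin '{u['user_login']}' "
              f"(ID {u['ID']}), registered {u['user_registered']}")
```

An empty result for the “rangex” indicator does not clear a site, since the advisory describes it only as the most common sign of compromise; any administrator outside the allowlist still needs manual review.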