October 5, 2022

TheCyberThrone

WPGateway - Zero-day exploit affects 2.8M sites

WPGateway, a popular WordPress plugin, is under attack: a zero-day vulnerability is being actively exploited, potentially allowing malicious actors to completely take over affected sites.

The WPGateway plugin is a premium plugin that allows users of the WPGateway cloud service to set up and manage WordPress sites from a single dashboard.

This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.

Tracked as CVE-2022-3180 with a CVSS score of 9.8, the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin. The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username “rangex.”

While Wordfence disclosed that this security bug is being actively exploited in the wild, it didn’t release additional information about the attacks or details of the vulnerability.

If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard.

Wordfence Advisory

Wordfence says that it wants to prevent further exploitation, which is why it did not release any technical information on the vulnerability or exploit; this will also likely allow more WPGateway customers to patch their installations before other attackers develop their exploits and join the attacks.
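
The administrator check recommended above can be scripted. This is an added example, not code from the article or from Wordfence: it reads the CSV that WP-CLI prints for `wp user list --role=administrator --format=csv`, flags the reported username “rangex”, and goes one step beyond the article by also listing administrators missing from a site-specific allowlist, since a rogue account may use another name. The function name, the allowlist and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Indicator reported in the article: a rogue administrator named "rangex".
IOC_USERNAMES = {"rangex"}

# Constructed sample of `wp user list --role=administrator --format=csv` output.
SAMPLE_CSV = """ID,user_login,display_name,user_email,user_registered,roles
1,siteowner,Site Owner,owner@example.com,2019-03-02 10:15:00,administrator
7,RangeX,rangex,rx@example.net,2022-09-08 04:12:33,administrator
9,newadmin,New Admin,new@example.org,2022-09-09 11:00:00,"administrator,editor"
12,writer,Writer,writer@example.com,2021-01-05 08:00:00,author
"""


def audit_admins(csv_text, known_admins):
    """Return (severity, login, registered) for each suspicious administrator.

    known_admins is the site's own list of expected administrator logins
    (hypothetical allowlist maintained by the site owner).
    """
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = (row.get("user_login") or "").strip()
        roles = row.get("roles")
        # If a roles column is present, skip rows that are not administrators.
        if roles is not None:
            if "administrator" not in [r.strip() for r in roles.split(",")]:
                continue
        registered = row.get("user_registered") or "unknown"
        if login.lower() in IOC_USERNAMES:
            findings.append(("critical", login, registered))
        elif login.lower() not in known:
            findings.append(("review", login, registered))
    return findings


if __name__ == "__main__":
    for severity, login, registered in audit_admins(SAMPLE_CSV, {"siteowner"}):
        print(f"[{severity}] administrator '{login}' registered {registered}")
```

A `critical` finding matches the reported indicator; a `review` finding is only an administrator the allowlist does not cover, and needs a human decision.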
