
WPGateway, a popular WordPress plugin, is under attack through a zero-day vulnerability that is being actively exploited, potentially allowing malicious actors to completely take over affected sites.
The WPGateway plugin is a premium plugin that allows users of the WPGateway cloud service to set up and manage WordPress sites from a single dashboard.
This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.
Tracked as CVE-2022-3180 with a CVSS score of 9.8, the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin. The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username “rangex.”
While Wordfence disclosed active exploitation of this security bug in the wild, it did not release additional information about the attacks or details of the vulnerability.
“If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” the Wordfence advisory states.
Wordfence says it is withholding technical information about the vulnerability and the exploit in order to prevent further exploitation, which will also likely give more WPGateway customers time to patch their installations before other attackers develop their own exploits and join the attacks.
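The administrator check recommended above can be scripted. The following is an added example, not code from Wordfence or from the original article: it audits a user export for the “rangex” indicator and for any administrator missing from a known-good list. It assumes WP-CLI is available to produce the export with `wp user list --fields=ID,user_login,user_registered,roles --format=json`; the sample accounts and the `known_admins` allow list are constructed for illustration.

```python
import json

# Indicator named in the article: a rogue administrator called "rangex".
IOC_USERNAMES = {"rangex"}

# Constructed sample of the WP-CLI JSON export (not real data).
SAMPLE_WP_CLI_JSON = """[
  {"ID": 1,  "user_login": "siteowner",   "user_registered": "2019-03-02 10:15:00",
   "roles": "administrator"},
  {"ID": 7,  "user_login": "editor-anna", "user_registered": "2020-06-11 08:40:12",
   "roles": "editor"},
  {"ID": 42, "user_login": "RangeX",      "user_registered": "2022-09-08 03:12:44",
   "roles": "administrator"},
  {"ID": 43, "user_login": "support2",    "user_registered": "2022-09-08 03:13:02",
   "roles": "subscriber,administrator"}
]"""


def audit_admins(wp_cli_json, known_admins):
    """Return (ioc_hits, unknown_admins) as lists of user records."""
    known = {name.lower() for name in known_admins}
    ioc_hits, unknown_admins = [], []
    for user in json.loads(wp_cli_json):
        # WP-CLI reports multiple roles as one comma-separated string.
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if "administrator" not in roles:
            continue
        # Compare case-insensitively so a variant such as "RangeX" is not missed.
        login = user["user_login"].strip().lower()
        if login in IOC_USERNAMES:
            ioc_hits.append(user)
        elif login not in known:
            unknown_admins.append(user)
    return ioc_hits, unknown_admins


if __name__ == "__main__":
    hits, unknown = audit_admins(SAMPLE_WP_CLI_JSON, known_admins={"siteowner"})
    for u in hits:
        print(f"COMPROMISE INDICATOR: admin '{u['user_login']}' "
              f"(ID {u['ID']}, registered {u['user_registered']})")
    for u in unknown:
        print(f"REVIEW: unexpected admin '{u['user_login']}' "
              f"(ID {u['ID']}, registered {u['user_registered']})")
```

A hit on the indicator means the site should be treated as compromised; administrators flagged for review are simply accounts that need to be confirmed by whoever manages the site.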