Hackers are actively exploiting a zero-day flaw in WPGateway WordPress plugin


WordPress websites are again at risk. Hackers are actively exploiting a zero-day vulnerability in the latest version of WPGateway, a premium WordPress plugin. The vulnerability lets an attacker take over a website that uses the plugin.

The vulnerability is tracked as CVE-2022-3180 and has a CVSS score of 9.8. It allows an attacker to add a malicious administrator to a WordPress website that uses the WPGateway plugin. In most cases, attackers add an administrator with the username “rangex.” If you use the WPGateway plugin, check the Users section for any unidentified user with an admin role.
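The check described above can be scripted. The following is an added example, not code from this article or from Wordfence: it audits the JSON produced by WP-CLI's `wp user list --format=json`, flagging the reported username and any administrator missing from a list of expected admins. The allowlist, the function name and the sample accounts are constructed for illustration.

```python
import json

# Indicator from the article: attackers commonly add an administrator named "rangex".
KNOWN_BAD_LOGINS = {"rangex"}


def audit_admins(wp_user_json, expected_admins):
    """Return (login, reason) findings for administrator accounts.

    wp_user_json    -- text produced by `wp user list --format=json`
    expected_admins -- logins the site owner knows are legitimate admins
                       (assumption: the owner maintains this list)
    """
    expected = {name.lower() for name in expected_admins}
    findings = []
    for user in json.loads(wp_user_json):
        # WP-CLI reports roles as a comma-separated string, e.g. "editor,administrator".
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if "administrator" not in roles:
            continue
        login = user.get("user_login", "")
        if login.lower() in KNOWN_BAD_LOGINS:
            findings.append((login, "matches the admin username reported in attacks"))
        elif login.lower() not in expected:
            findings.append((login, "administrator not on the expected list"))
    return findings


# Constructed sample export; none of these accounts come from a real site.
SAMPLE_EXPORT = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2019-03-02 10:11:12",
     "roles": "administrator"},
    {"ID": 7, "user_login": "writer", "user_registered": "2021-06-15 08:00:00",
     "roles": "editor"},
    {"ID": 42, "user_login": "rangex", "user_registered": "2022-09-09 03:14:15",
     "roles": "administrator"},
    {"ID": 43, "user_login": "helper2", "user_registered": "2022-09-10 01:02:03",
     "roles": "subscriber,administrator"},
])

if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_EXPORT, ["siteowner"]):
        print(f"REVIEW {login}: {reason}")
```

Any account this flags should be reviewed by hand before removal, since an unlisted administrator may simply be missing from the allowlist.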

WordPress security company Wordfence posted a detailed report on the vulnerability. It confirmed that the WPGateway plugin with version 3.5 or higher is affected. Wordfence also updated its plugin to add firewall rules in Wordfence Premium, Wordfence Care, and Wordfence Response to safeguard its customers. If you are using the free version of Wordfence, you will receive this update on October 8, 2022.

Wordfence claims that it has already blocked over 4.6 million attacks targeting this vulnerability in more than 280,000 sites.

WPGateway has yet to patch the vulnerability, so Wordfence has not provided further details, in order to prevent further exploitation.

WPGateway is a popular WordPress plugin that lets admins perform several tasks from a central dashboard, including setting up and backing up sites and managing themes and plugins. If you use this plugin, I recommend you remove it and reinstall it only after it receives a patch that fixes the vulnerability. If you keep using it, your website will be at risk.
