
WordPress Sites Hacked via Zero-Day Vulnerability in WPGateway Plugin

Hackers exploited a zero-day vulnerability in the WPGateway plugin. The creators behind the plugin have warned users about the exploit and ways to protect their WordPress websites.

Published September 15, 2022

WordPress websites might be at risk after hackers exploited a zero-day vulnerability in the WPGateway premium plugin.

The Wordfence threat intelligence team warned users of the WPGateway plugin, a premium add-on that lets WPGateway cloud users carry out various tasks on their websites from a single dashboard. The vulnerability is tracked as CVE-2022-3180 (CVSS score of 9.8) and enables attackers to add an administrator account to websites using WPGateway.

WordPress is a GUI-based CMS (Content Management System) that helps website owners upload and list content. Once an attacker gets administrator privileges, they can practically take control over the website and even add/remove the administrators from it.

WPGateway plugin still poses threats

According to the WordPress security firm, the WPGateway plugin remains dangerous. Wordfence informed the developer of the security problem, but no fix has been released yet. The company is distributing a public service alert (PSA) to all users because threat actors have been abusing the zero-day vulnerability.

Moreover, the security company has withheld technical information on the vulnerability to avoid further exploitation. However, it released some indicators of compromise (IoCs) to help site administrators determine whether their installations have been targeted.

How to check WPGateway exploits

The company has shared a straightforward way to check for WPGateway exploitation. Website administrators who think they may have been affected by the ongoing exploitation can review the users on their WordPress websites and check whether a new user with the username ‘rangex’ has been added.

Additionally, the website administrator can check the site's access logs for requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” to see whether an attacker has targeted the website, and whether the threat has compromised it.
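The two checks described above, combined in one script. This is an added example, not code from Wordfence or from the article; it assumes the web server writes combined-format access logs and that the user list is available as (login, role) pairs, and the function names and sample data are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators taken from the article above.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_USER = "rangex"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def find_ioc_requests(lines):
    """Return ip/time/status for every request to the WPGateway IoC URL."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        # Split by hand: urlsplit() would read a leading "//" as a hostname.
        raw_path, _, query = m["target"].partition("?")
        # Decode %XX escapes and collapse repeated slashes before comparing.
        path = re.sub(r"/{2,}", "/", unquote(raw_path))
        if path.endswith(IOC_PATH) and IOC_PARAM in parse_qs(query, keep_blank_values=True):
            hits.append({k: m[k] for k in ("ip", "time", "status")})
    return hits

def find_ioc_users(users):
    """users: (login, role) pairs exported from the site's user list."""
    return [(login, role) for login, role in users if login.lower() == IOC_USER]

# Constructed sample data (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:55 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [10/Sep/2022:04:13:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2022:09:30:12 +0000] "GET /blog/wp-content/plugins/wpgateway/wpgateway%2Dwebservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.40 - - [11/Sep/2022:10:00:00 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 100 "-" "-"',
]
SAMPLE_USERS = [("siteowner", "administrator"), ("rangex", "administrator"), ("writer1", "editor")]

if __name__ == "__main__":
    for hit in find_ioc_requests(SAMPLE_LOG):
        print("targeted:", hit)
    for login, role in find_ioc_users(SAMPLE_USERS):
        print("suspicious user:", login, role)
```

The path comparison uses a suffix match so that WordPress installs in a subdirectory are also covered, and the recorded status code helps triage which requests reached an existing file.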

The company has alerted users who have installed the WPGateway plugin and advised them to uninstall it from their websites until a security patch is released. It also asked users to check their WordPress dashboard for any signs of malicious administrator users and to remove them immediately if detected.

Written By

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.
