WordPress websites might be at risk after hackers exploited a zero-day vulnerability in the WPGateway premium plugin.
The Wordfence threat intelligence team warned users of the WPGateway plugin, a premium add-on that lets WPGateway cloud users carry out various tasks on their websites from a single dashboard. The vulnerability is tracked as CVE-2022-3180 (CVSS score of 9.8) and enables attackers to add an administrator account to websites using WPGateway.
WordPress is a GUI-based CMS (Content Management System) that helps website owners upload and list content. Once an attacker gets administrator privileges, they can practically take control over the website and even add/remove the administrators from it.
According to the WordPress security firm, the WPGateway plugin remains dangerous. The developer was informed of the security problem by Wordfence, but no fix has been released yet. The company is distributing the public service alert (PSA) to all the users because the threat actors have been abusing the zero-day vulnerability.
Moreover, the security company has withheld technical information on the vulnerability to avoid further exploitation. However, it released some indicators of compromise (IoCs) to assist site administrators in determining whether their installations had been targeted.
The company has shared a straightforward way for users to check for WPGateway exploitation. The website administrator can check whether a new user with the username ‘rangex’ has been added to the website. Users who may have been affected by the ongoing exploitation can review the user list on their WordPress websites.
Additionally, the website administrator can use this link “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” to see whether an attacker has attached itself to the website and whether the threat has compromised it.
The company has alerted users who had installed the WPGateway plugin and advised them to uninstall it from their websites until a security patch is released. It also asked users to check their WordPress dashboard for any signs of malicious administrator users and to remove them immediately if detected.
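One way to automate the two checks described above, as an added example that is not from Wordfence or the original article. It assumes the indicator path is searched for in a web server access log in combined log format and that the user list is available as (login, role) pairs; the log lines and users below are constructed sample data.

```python
import re
from urllib.parse import unquote, parse_qs

# Indicators of compromise quoted in the article.
IOC_SCRIPT = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_USER = "rangex"

# Combined log format: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def scan_access_log(lines):
    """Return (ip, time, method, status) for every request to the IoC path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, when, method, target, status = m.groups()
        # Split by hand: urlsplit() would read a leading "//" as a hostname.
        raw_path, _, query = target.partition("?")
        # Decode percent-encoding and collapse repeated slashes so that
        # "//wp-content/..." and "/wp-content/..." compare equal.
        path = re.sub(r"/{2,}", "/", unquote(raw_path))
        if path.endswith(IOC_SCRIPT) and IOC_PARAM in parse_qs(query):
            hits.append((ip, when, method, int(status)))
    return hits

def suspicious_admins(users):
    """Return administrator logins that match the IoC username."""
    return [login for login, role in users
            if role == "administrator" and login.strip().lower() == IOC_USER]

# Constructed sample data (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.9 - - [10/Sep/2022:04:15:44 +0000] "POST /wp-content/plugins/wpgateway/wpgateway%2Dwebservice%2Dnew.php?wp_new_credentials=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.55 - - [10/Sep/2022:05:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3021 "-" "-"',
]
SAMPLE_USERS = [("editor1", "editor"), ("RangeX", "administrator"),
                ("siteowner", "administrator")]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("request to IoC path:", hit)
    print("administrator accounts to review:", suspicious_admins(SAMPLE_USERS))
```

A hit in the log shows that the path was requested; it does not by itself show whether an account was created, so the administrator list should be reviewed in either case.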