Security
Headlines
HeadlinesLatestCVEs

Headline

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence

The Hacker News
#vulnerability#web#wordpress#php#auth#zero_day#The Hacker News

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.

Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted.

“Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator,” Wordfence researcher Ram Gall said in an advisory.

WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from a unified dashboard.

The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username “rangex.”

Additionally, the appearance of requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” in the access logs is a sign that the WordPress site has been targeted using the flaw, although it doesn’t necessarily imply a successful breach.

Wordfence said it blocked over 4.6 million attacks attempting to take advantage of the vulnerability against more than 280,000 sites in the past 30 days.

Further details about the vulnerability have been withheld owing to active exploitation and to prevent other actors from taking advantage of the shortcoming. In the absence of a patch, users are recommended to remove the plugin from their WordPress installations until a fix is available.

The development comes days after Wordfence warned of in-the-wild abuse of another zero-day flaw in a WordPress plugin called BackupBuddy.

The disclosure also arrives as Sansec revealed that threat actors broke into the extension license system of FishPig, a vendor of popular Magento-WordPress integrations, to inject malicious code that’s designed to install a remote access trojan called Rekoobe.

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

Related news

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

WordPress WPGateway 3.5 Privilege Escalation

WordPress WPGateway plugin versions 3.5 and below suffer from an unauthenticated privilege escalation vulnerability.

WPGateway WordPress plugin vulnerability could allow full site takeover

Categories: News Tags: WPGateway Tags: WordPress Tags: plugin Tags: vulnerability Tags: CVE We take a look at a vulnerability being exploited in the wild related to the WPGateway WordPress plugin. (Read more...) The post WPGateway WordPress plugin vulnerability could allow full site takeover appeared first on Malwarebytes Labs.

The Hacker News: Latest News

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign