Attackers are actively exploiting WPGateway’s WordPress plugin zero-day security issue



Attackers are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites.

The Wordfence Threat Intelligence team has reported that attackers are actively exploiting the WPGateway premium plugin zero-day vulnerability (CVE-2022-3180) in attacks targeting WordPress sites.

The WPGateway plugin is a premium plugin that lets users of the WPGateway cloud service set up and manage their WordPress sites from a single dashboard.

The CVE-2022-3180 flaw is a privilege escalation security issue. An unauthenticated attacker can trigger this flaw to add an unauthorized user with administrative privileges and completely take over a site running a vulnerable WordPress plugin.

“On September 8, 2022, the Wordfence Threat Intelligence team discovered an actively exploited zero-day vulnerability being used to add malicious admin users to sites running the WPGateway plugin. We are aware of.” reads the advisory issued by Wordfence.

Wordfence reported that its firewall successfully blocked over 4.6 million attacks targeting this vulnerability against over 280,000 sites over the past 30 days.

The company did not share technical details about the attack to prevent further exploitation in real-world attacks.

The company has nevertheless shared indicators of compromise (IoCs) to help WordPress admins determine whether their site has been compromised.

The most common sign of compromise is a malicious administrator account with the username rangex.

Admins can also check the site’s access log for requests to:


The presence of these requests in the log indicates that an attacker has attempted to exploit this vulnerability, but does not mean that the site has been compromised.

“If you have the WPGateway plugin installed, we recommend removing it immediately until a patch is available and checking your WordPress dashboard for malicious admin users,” the advisory concludes.
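One way to run the administrator check described above outside the dashboard, as an added example that is not from Wordfence or the original article. It reads a WP-CLI JSON export of administrator accounts and flags the `rangex` login from the advisory; the expected-administrator list, the review window date and the sample data are assumptions constructed for illustration.

```python
import json
from datetime import datetime

# IoC login named in the article; compared case-insensitively.
IOC_LOGINS = {"rangex"}

# Input is the output of:
#   wp user list --role=administrator --format=json
def audit_admins(wp_cli_json, known_admins, registered_since=None):
    """Return (login, reasons) for every administrator that needs review.

    known_admins: logins the site owner expects to hold the role (assumption).
    registered_since: optional datetime; admins created at or after it are flagged.
    """
    known = {name.lower() for name in known_admins}
    findings = []
    for user in json.loads(wp_cli_json):
        login = user["user_login"].strip().lower()
        reasons = []
        if login in IOC_LOGINS:
            reasons.append("login matches published IoC")
        if login not in known:
            reasons.append("not in expected administrator list")
        if registered_since is not None:
            created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
            if created >= registered_since:
                reasons.append("created inside review window")
        if reasons:
            findings.append((user["user_login"], reasons))
    return findings

# Constructed sample export, not data from a real site.
SAMPLE = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2019-03-02 10:15:00"},
    {"ID": 7, "user_login": "rangex", "user_email": "x@example.net",
     "user_registered": "2022-09-09 03:12:44"},
    {"ID": 9, "user_login": "helpdesk", "user_email": "help@example.com",
     "user_registered": "2022-08-20 14:00:00"},
])

if __name__ == "__main__":
    window = datetime(2022, 8, 9)  # assumed start of the review window
    for login, reasons in audit_admins(SAMPLE, ["siteowner"], window):
        print(f"{login}: {'; '.join(reasons)}")
```

An account that is flagged only as unexpected or recent still deserves review, since an attacker is not bound to the one username the advisory lists.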


Pierluigi Paganini
