A zero-day vulnerability in the latest version of the WordPress premium plugin known as WPGateway has been exploited in the wild, allowing a malicious attacker to take complete control of an affected site.
Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue has been weaponized to add malicious admin users to sites running the WPGateway plugin, according to WordPress security company Wordfence.
Wordfence researcher Ram Gall said in an advisory:
WPGateway is billed as a means for site administrators to install, backup, and clone WordPress plugins and themes from an integrated dashboard.
The most common indicator that the website running the plugin has been compromised is the presence of an administrator with the username ‘rangex’.
Also, a request to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” recorded in the access log indicates that the WordPress site was targeted using the vulnerability; it does not necessarily mean that the exploitation attempt was successful.
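The two indicators above can be checked mechanically. The following script is an added example, not code from the article or from Wordfence: it scans web-server access log lines in the common combined format for the WPGateway request described above and checks a list of administrator usernames for the ‘rangex’ account. The log lines and usernames embedded in it are constructed samples; the log format, the path normalisation and the function names are assumptions of this example. A match on the log check means the site was targeted, not that the attempt succeeded, so the HTTP status is reported alongside each hit.

```python
import re

# Indicators of compromise taken from the article text.
SUSPICIOUS_ADMIN_USERNAME = "rangex"
WPGATEWAY_ENDPOINT = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
WPGATEWAY_PARAM = "wp_new_credentials=1"

# Leading fields of an Apache/Nginx combined-format access log line (assumed format).
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


def is_wpgateway_probe(target):
    """True if the request target hits the WPGateway webservice with wp_new_credentials=1.

    The path is normalised before comparison because the observed request uses a
    leading '//', and a site installed in a subdirectory has a prefix before /wp-content.
    """
    path, _, query = target.partition("?")
    path = re.sub(r"/{2,}", "/", path)
    if not path.endswith(WPGATEWAY_ENDPOINT):
        return False
    return WPGATEWAY_PARAM in query.split("&")


def scan_access_log(lines):
    """Return (client_ip, timestamp, http_status) for every line matching the indicator."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if m and is_wpgateway_probe(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits


def find_suspicious_admins(admin_usernames):
    """Return administrator usernames equal to the 'rangex' indicator (case-insensitive)."""
    return [u for u in admin_usernames if u.lower() == SUSPICIOUS_ADMIN_USERNAME]


# Constructed sample log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Sep/2022:10:14:55 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [13/Sep/2022:10:15:01 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Sep/2022:10:15:09 +0000] "GET /wp-content/plugins/wpgateway/assets/app.js HTTP/1.1" 200 9823 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Sep/2022:10:16:30 +0000] "POST /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [13/Sep/2022:10:17:02 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php HTTP/1.1" 404 150 "-" "Mozilla/5.0"',
]

# Constructed sample of the site's administrator accounts.
SAMPLE_ADMINS = ["admin", "Rangex", "editor"]


if __name__ == "__main__":
    for ip, ts, status in scan_access_log(SAMPLE_LOG):
        outcome = "blocked/failed" if status >= 400 else "served (verify site state)"
        print(f"WPGateway request from {ip} at {ts}: HTTP {status}, {outcome}")
    for user in find_suspicious_admins(SAMPLE_ADMINS):
        print(f"Suspicious administrator account present: {user}")
```

Run against the sample data, the script reports the two WPGateway requests (one served with HTTP 200, one rejected with 403) and ignores the request to the same endpoint without the parameter; on a real site, point `scan_access_log` at the server's access log and `find_suspicious_admins` at the output of the site's user listing. A served request is a reason to audit the administrator list, not proof of compromise on its own.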
Wordfence says it has blocked over 4.6 million attempts to exploit the vulnerability against over 280,000 sites in the past 30 days.
Details about the vulnerability, which is being actively exploited, are being withheld to prevent other attackers from exploiting the shortcoming. In the absence of a patch, users are advised to remove the plugin from their WordPress installation until a fix is available.
The development comes days after Wordfence warned about the active exploitation of another zero-day flaw in a WordPress plugin called BackupBuddy.
The disclosure also comes as Sansec revealed that attackers had penetrated the extension licensing system of FishPig, a vendor of popular Magento-WordPress integrations, and inserted malicious code designed to install a remote access Trojan called Rekoobe.