Hundreds of thousands of WordPress sites attacked via WPGateway plugin vulnerability
More than 280,000 websites have been attacked through a zero-day in the WordPress plugin WPGateway. The vulnerability makes it possible for attackers to add their own admin user to the CMS. There is no patch for the vulnerability yet.
The vulnerability was discovered by the Wordfence team, which actively monitors attacks on WordPress. The team was able to detect and stop more than 280,000 attacks through its own plugin. The team has detected 4.6 million attacks since its discovery in early September. Administrators use WPGateway to simplify certain tasks, such as backing up and installing new plugins and themes.
The zero-day is tracked as CVE-2022-3180. The makers of WPGateway have not yet released a patch. For that reason, the only details disclosed so far are that criminals are actively exploiting the vulnerability and that attackers can gain full administrative rights over a WordPress website through it.
Website administrators using the plugin are advised to remove it for now. The plugin can be used again once a patch is available. Admins can check whether they have been attacked by looking for an unknown admin added to the site’s users in the past month.
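The check described above can be scripted. The following is an added example, not code from Wordfence or WPGateway: it reads a WP-CLI user export and flags administrator accounts registered inside the review window that are not on a list of known admins. The logins, dates, review date and allowlist are constructed sample values, and the function name is hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the output of:
#   wp user list --fields=ID,user_login,user_registered,roles --format=json
SAMPLE_EXPORT = """[
 {"ID": 1, "user_login": "siteowner", "user_registered": "2019-03-14 09:12:44", "roles": "administrator"},
 {"ID": 57, "user_login": "newadmin", "user_registered": "2022-09-09 02:31:07", "roles": "administrator"},
 {"ID": 58, "user_login": "contractor", "user_registered": "2022-09-01 15:00:00", "roles": "administrator"},
 {"ID": 59, "user_login": "newsub", "user_registered": "2022-09-10 08:00:00", "roles": "subscriber"},
 {"ID": 60, "user_login": "nodate", "user_registered": "0000-00-00 00:00:00", "roles": "administrator"}
]"""
REVIEW_DATE = datetime(2022, 9, 15, tzinfo=timezone.utc)  # constructed "today"
KNOWN_ADMINS = {"siteowner", "contractor"}  # constructed allowlist of expected admins


def suspicious_admins(export_json, known_logins, now, window_days=30):
    """Return (login, reason) pairs for admin accounts that need manual review."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for user in json.loads(export_json):
        roles = [r.strip() for r in str(user.get("roles", "")).split(",")]
        if "administrator" not in roles:
            continue
        login = user.get("user_login", "?")
        try:
            # WordPress stores user_registered in UTC.
            registered = datetime.strptime(
                user["user_registered"], "%Y-%m-%d %H:%M:%S"
            ).replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            # A missing or zeroed date cannot be placed in the window: review it.
            findings.append((login, "unparseable registration date"))
            continue
        if registered >= cutoff and login not in known_logins:
            findings.append((login, f"unknown admin registered {registered:%Y-%m-%d}"))
    return findings


if __name__ == "__main__":
    for login, reason in suspicious_admins(SAMPLE_EXPORT, KNOWN_ADMINS, REVIEW_DATE):
        print(f"{login}: {reason}")
```

The registration date lives in the site database, so an empty result does not prove the site was untouched; compare the full administrator list against the accounts you expect as well.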