Actively Exploited Zero-Day Vulnerability Found In WPGateway WordPress Plugin

A zero-day vulnerability in the WPGateway WordPress plugin has come to light after being actively exploited in the wild. Researchers have observed millions of attack attempts against thousands of websites. For now, no official patch is available for the plugin.

About WPGateway Plugin Zero-Day Vulnerability

A recent Wordfence report elaborates on an actively exploited zero-day vulnerability in the WPGateway WordPress plugin.

WPGateway is a premium WordPress plugin that helps admins with WordPress installation, backup, and cloning. The plugin currently boasts over 280,000 downloads, so any vulnerability in it directly puts thousands of sites at risk globally.

The researchers detected and blocked over 4.6 million exploitation attempts. Following this discovery, they responsibly disclosed the issue to the developers. However, according to Wordfence, the vulnerability still awaits an official patch. Unfortunately, that means websites running this plugin remain exposed to attackers who already have a working exploit.

Given the threat, Wordfence has refrained from sharing technical details about the vulnerability. Nonetheless, they confirmed that the flaw, CVE-2022-3180, is a critical-severity vulnerability that allows an attacker to gain elevated privileges on the target website. It even allows an unauthenticated adversary to create malicious admin accounts.

Since no official fix is available, Wordfence recommends that WordPress admins remove this plugin from their websites. They also advise users to check their websites for a possible compromise by looking for an administrator account with the username “rangex”. If it is present, users should assume their sites have been attacked or potentially compromised.

Site admins should check their access logs for requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1.
