Zero-day in WPGateway WordPress plugin actively exploited on thousands of WordPress sites

by | Sep 14, 2022 | News

The Wordfence Threat Intelligence team warned today that WordPress sites are being actively targeted with exploits for a zero-day vulnerability in the WPGateway premium plugin.

WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard.

This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.

“On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin,” Wordfence senior threat analyst Ram Gall said today.

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days.”

While Wordfence disclosed active exploitation of this security bug in the wild, it didn’t release additional information about the attacks or details of the vulnerability.

By withholding this info, Wordfence says that it wants to prevent further exploitation. This will also likely allow more WPGateway customers to patch their installations before other attackers develop their own exploits and join the attacks.

How to find out if your site was hacked

To check whether your website was compromised in this ongoing campaign, look for a new user with administrator permissions and the username rangex.

Additionally, requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in the logs show that your site was targeted in the attack, but not necessarily that it was compromised.
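
The two checks above can be scripted. The following is an added example, not code from Wordfence or the original article: it scans access-log lines for the request quoted above and checks a list of administrator logins for rangex. It assumes the common/combined access log format; the sample log lines, IP addresses and admin list are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Indicators quoted in the article.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"
IOC_USER = "rangex"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_ioc_request(target):
    """True when a request target matches the endpoint and parameter from the advisory."""
    # Split by hand: urlsplit() would read the leading "//" as a host name.
    raw_path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(raw_path))  # collapse "//", decode %xx
    return path == IOC_PATH and IOC_VALUE in parse_qs(query).get(IOC_PARAM, [])

def scan_access_log(lines):
    """Return one record per matching request (any HTTP method); malformed lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_ioc_request(m.group(4)):
            ip, when, method, _, status = m.groups()
            hits.append({"ip": ip, "time": when, "method": method, "status": int(status)})
    return hits

def rogue_admins(admin_logins):
    """Administrator logins matching the advisory's username (case-insensitive)."""
    return [u for u in admin_logins if u.strip().lower() == IOC_USER]

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Sep/2022:03:14:07 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 31 "-" "-"',
    '198.51.100.7 - - [09/Sep/2022:03:14:09 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "-"',
    '203.0.113.9 - - [10/Sep/2022:11:02:55 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?x=1&wp_new_credentials=1 HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.44 - - [10/Sep/2022:12:00:00 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 900 "-" "-"',
]
SAMPLE_ADMINS = ["siteowner", "rangex"]  # constructed list of administrator logins

if __name__ == "__main__":
    hits = scan_access_log(SAMPLE_LOG)
    for ip, n in Counter(h["ip"] for h in hits).items():
        print(f"{ip}: {n} request(s) to the WPGateway endpoint")
    print("suspicious admin accounts:", rogue_admins(SAMPLE_ADMINS))
```

A log hit only shows that the site was targeted; the presence of the rangex administrator account is the sign of compromise the article describes.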

“If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” Gall warned.

“If you know a friend or colleague who is using this plugin on their site, we highly recommend forwarding this advisory to them to help keep their sites protected, as this is a serious vulnerability that is actively being exploited in the wild.”

Source: bleepingcomputer.com
