Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin

Popular WordPress plugin had a serious zero-day flaw

A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers are saying, urging users to remove it from their websites until a patch is released.

WordPress security plugin makers Wordfence uncovered a flaw in WPGateway, a premium plugin helping admins manage other WordPress plugins and themes from a single dashboard.

According to the researchers, the flaw is tracked as CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to create an admin user on the platform, meaning they’d have the ability to take over the entire website if they so pleased.

Millions of attacks

“Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator,” said Ram Gall, Wordfence researcher.

Wordfence added that it successfully blocked more than 4.6 million attacks, against more than 280,000 sites, in the last month alone. That also means that the number of attacked (and possibly compromised) websites is probably much, much larger.

A patch for the flaw is not yet available, the researchers said, and there is no workaround. The only way to stay safe, for the time being, is to remove the plugin from the website altogether, and wait for the patch to arrive, researchers stressed.

Webmasters looking for indicators of compromise should check their sites for admin accounts named “rangex”. Furthermore, they should look for requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” in the access logs, as that is a sign of an attempted breach. This sign, however, doesn’t necessarily mean it was successful.
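The two checks described above, as an added example (not code from Wordfence or from this article): it scans access-log lines for the quoted request and compares a list of administrator logins against the quoted account name. The combined log format, the sample lines and their IP addresses are constructed assumptions, and the administrator logins are assumed to have been exported from the site separately.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

# Indicators quoted in the article.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"
IOC_ADMIN = "rangex"

# Assumption: the server writes common/combined log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def is_ioc_request(target):
    """True if the request target is the plugin endpoint with wp_new_credentials=1."""
    # Split by hand: urlsplit() would treat a leading "//" as a hostname,
    # and the indicator in the article starts with exactly that.
    raw_path, _, raw_query = target.partition("?")
    path = re.sub(r"/{2,}", "/", unquote(raw_path))  # decode %xx, collapse slashes
    values = parse_qs(raw_query, keep_blank_values=True).get(IOC_PARAM, [])
    return path == IOC_PATH and IOC_VALUE in values

def scan(lines):
    """Group matching requests by client IP: {ip: [(timestamp, method, status), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_ioc_request(m["target"]):
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def rogue_admins(admin_logins):
    """Return administrator logins matching the account name from the article."""
    return [u for u in admin_logins if u.strip().lower() == IOC_ADMIN]

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Sep/2022:03:14:07 +0000] "POST //wp-content/plugins/wpgateway/'
    'wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.20 - - [10/Sep/2022:04:01:55 +0000] "GET /wp-content/plugins/wpgateway/'
    'wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 162 "-" "-"',
    '192.0.2.44 - - [10/Sep/2022:05:20:11 +0000] "GET /wp-content/plugins/wpgateway/'
    'readme.txt HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    # A match is an attempt, not proof of compromise; the status code helps triage.
    for ip, reqs in scan(SAMPLE_LOG).items():
        print(ip, reqs)
    print("suspicious admins:", rogue_admins(["siteowner", "rangex"]))
```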

Other details are scarce for the moment, given the fact that the flaw is being actively exploited, and that the fix is not yet available.

WordPress is the world’s most popular website builder, and as such, is under constant attack by cybercriminals. While the platform itself is generally considered safe, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.

Via: The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
