Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin

News
By published

Popular WordPress plugin had a serious zero-day flaw

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock) (Image credit: Shutterstock)

A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers are saying, urging users to remove it from their websites until a patch is released.

WordPress security plugin makers WordFence uncovered a flaw in WPGateway, a premium plugin helping admins manage other WordPress plugins and themes from a single dashboard.

According to the researchers, the flaw is tracked as CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to create an admin user on the platform, meaning they’d have the ability to take over the entire website if they so pleased. 

Millions of attacks

"Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," said Ram Gall, Wordfence researcher.

Wordfence added it successfully blocked more than 4.6 million attacks, against more than 280,000 sites, in the last month, alone. That also means that the number of attacked (and possibly compromised) websites is probably much, much larger. 

A patch for the flaw is not yet available, the researchers said, and there is no workaround. The only way to stay safe, for the time being, is to remove the plugin from the website altogether, and wait for the patch to arrive, researchers stressed. 

Webmasters looking for indicators of compromise should check their sites for admin accounts named “rangex”. Furthermore, they should look for requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" in the access logs, as that is a sign of an attempted breach. This sign, however, doesn’t necessarily mean it was successful.

Read more

> WordPress plugin exposes half a million sites to attack

> Yet another WordPress plugin puts hundreds of thousands of sites at risk

> These are the best WordPress Plugins right now

Other details are scarce for the moment, given the fact that the flaw is being actively exploited, and that the fix is not yet available. 

WordPress is the world’s most popular website builder, and as such, is under constant attack by cybercriminals. While the platform itself is generally considered safe, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.

Via: The Hacker News

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Thousands of WordPress websites hit in new malware attack, here's what we know
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Another serious WordPress plugin vulnerability could put 40,000 sites at risk of attack
WordPress
Another top WordPress plugin found carrying critical security flaws
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Over a million WordPress sites exposed to attack from W3 Total Cache plugin flaw
WordPress
WordPress users beware - these popular theme plugins have some major security issues
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Top WordPress plugins found to have some serious security flaws, so make sure you're protected
Latest in Website Building
Wix automation
The world's leading website builder aims to save businesses time with new tool
Squarespace
Build a website for less with 10% off Squarespace subscriptions
Squarespace
Fresh season, fresh start— launch your dream website with Squarespace with this offer
Wix Printful
Wix teams up with Printful for in-house print-on-demand tools
Squarespace
Don't miss out on this great Squarespace deal
Hostinger Website Builder vs WordPress.com: Which is better?
Hostinger Website Builder vs WordPress.com: Battle of the WordPress website builders
Latest in News
L-mount alliance
Sirui joins L-Mount Alliance to deliver its superb budget lenses for Leica, DJI, Sigma and Panasonic cameras
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
A Lego Pikachu tail next to a Pebble OS watch and a screenshot of Assassin's Creed Shadow
ICYMI: the week's 7 biggest tech stories from LG's excellent new OLED TV to our Assassin's Creed Shadow review
Samuel and Romy standing very close together in A24's Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
More about website building
Squarespace

Fresh season, fresh start— launch your dream website with Squarespace with this offer
Wix automation

The world's leading website builder aims to save businesses time with new tool
Will.i.am speaking about XBoom speakers at CES 2025, wearing all black with a black cap

'Exploitative use of AI is social media; we already have it – it's called you don't own your data’: will.i.am talks tech, LG, and using AI responsibly
See more latest
Most Popular
The AmpereOne CPU
Softbank set to buy Ampere Computing for $6.5 billion and could integrate it with Arm and Graphcore
A Lego Pikachu tail next to a Pebble OS watch and a screenshot of Assassin's Creed Shadow
ICYMI: the week's 7 biggest tech stories from LG's excellent new OLED TV to our Assassin's Creed Shadow review
A SCUBA Diver Checks An Undersea Cable
Startup wants to mitigate risk of state-actor underwater fibre optic cable sabotage by using a decades-old technique
Nvidia Quantum-X and Spectrum-X Silicon Photonics
Nvidia is planning post-copper 1.6Tbps network tech to connect millions of GPUs as it unveils photonics networking gear at GTC 2025
Uperfect 23.8-inch dual foldable display
This is the largest dual-screen monitor I've ever seen, and at almost 24 inches each, it's bigger than a 43-inch super wide display
Apple Mac Studio
Apple Mac Studio M3 Ultra workstation can run Deepseek R1 671B AI model entirely in memory using less than 200W, reviewer finds
The cover art for popular Max TV shows shown in a collage
Max has been adding some of Prime Video's most annoying features but also a load of better upgrades
AMD Instinct MI355X Accelerator
AMD signs huge multi-billion dollar deal with Oracle to build a cluster of 30,000 MI355X AI accelerators
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
Gemma staring at something off-camera in Severance season 2 episode 10
'Everyone is going to be so torn': Severance star Dichen Lachman reacts to the popular Apple TV+ show's most 'intense' season 2 finale event