Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin

SecOperations

Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites.

The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites.

The WPGateway plugin is a premium plugin that allows users of the WPGateway cloud service to setup and manage WordPress sites from a single dashboard.

The CVE-2022-3180 flaw is a privilege escalation security issue, an unauthenticated attacker can trigger the flaw to add a rogue user with admin privileges to completely take over the sites running the vulnerable WordPress plugin.

“On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.” reads the advisory published by Wordfence.

Wordfence reported that its firewall has successfully blocked over…

View original post 177 more words

2 thoughts on “Threat actors are actively exploiting a zero-day in WPGateway WordPress plugin

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.