Researchers said a zero-day vulnerability found in a WordPress plugin is being actively exploited in the wild, and urged users to remove it from their websites until a patch is released.
The makers of the WordPress security plugin Wordfence have revealed a flaw in WPGateway, an excellent plugin that helps admins manage WordPress plugins and themes from a single dashboard.
According to the researchers, the flaw is tracked as CVE-2022-3180 and has a severity score of 9.8. It allows threat actors to create an admin user on the platform, which means they can take over the entire website if they choose to do so.
Millions of attacks
“Part of the plugin’s functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator,” said Ram Gall, a researcher at Wordfence.
Wordfence added that it successfully blocked more than 4.6 million attacks, against more than 280,000 websites, in the last month alone. This also means that the number of websites attacked (and possibly hacked) is probably much greater.
A fix for the flaw is not yet available, the researchers said, and there is no workaround. The researchers stressed that the only way to stay safe, for now, is to completely remove the plugin from the site and wait for the patch to arrive.
Webmasters looking for indicators of compromise should check their sites for administrator accounts called “rangex”. Furthermore, they should look for requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” in the access logs, as that is a sign of an attempted breach. However, such a request does not necessarily mean that the attempt was successful.
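The two checks described above can be scripted. The following is an added example, not code from Wordfence or the plugin: it assumes a common/combined access-log layout and a user list exported as (login, role) pairs, and the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators taken from the article.
IOC_SCRIPT = "wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"
IOC_ADMIN = "rangex"

# Assumed log layout: ip - - [timestamp] "METHOD target PROTOCOL" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_wpgateway_probes(log_lines):
    """Return ip/time/status for every request matching the published indicator."""
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Split by hand: urlsplit() would read the leading "//" as a hostname.
        raw_path, _, query = m["target"].partition("?")
        # Collapse repeated slashes so "//wp-content" and "/wp-content" both match.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        # endswith() also covers WordPress installed in a subdirectory.
        if path.endswith("/" + IOC_SCRIPT) and IOC_VALUE in parse_qs(query).get(IOC_PARAM, []):
            hits.append({"ip": m["ip"], "time": m["ts"], "status": m["status"]})
    return hits

def suspicious_admins(users):
    """users: iterable of (login, role) pairs exported from the site's user list."""
    return [login for login, role in users
            if role == "administrator" and login.lower() == IOC_ADMIN]

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512',
    '198.51.100.23 - - [10/Sep/2022:04:13:44 +0000] "GET /wp-login.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Sep/2022:05:01:10 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 153',
    '198.51.100.40 - - [10/Sep/2022:05:02:00 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 900',
]
SAMPLE_USERS = [("editor1", "editor"), ("rangex", "administrator")]

if __name__ == "__main__":
    for hit in find_wpgateway_probes(SAMPLE_LOG):
        print("probe:", hit)  # a hit is an attempt, not proof of compromise
    print("admins to review:", suspicious_admins(SAMPLE_USERS))
```

A matching log line only records an attempt; the presence of a “rangex” administrator account is the stronger signal and warrants a full review of the site.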
Other details are scarce at the moment, given the fact that the bug is being actively exploited, and a fix isn’t available yet.
WordPress is the world’s most famous website builder and, as such, is under constant attack by cybercriminals. Although the platform itself is generally considered secure, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.