WordPress Websites Hacked by Plugin WPGateway’s Zero-Day Vulnerability


WordPress has a plugin structure and a template system, allowing you to modify your website to fit your organization, blog, portfolio, or online platform. Since WordPress is the most widely used website builder worldwide, cybercriminals frequently target it. WordPress has recently been the target of numerous known attacks. These incidents took advantage of WordPress plugins and other tools to harm websites.

About WPGateway

The WordPress plugin WPGateway helps administrators with WordPress setups, backups, and cloning procedures. More than 280,000 people have downloaded the plugin so far. Therefore, any flaw or bug in this plugin puts thousands of sites worldwide at risk.

Because of the risk of further exploitation, the security company Wordfence has chosen not to disclose technical information about the vulnerability. It shared a few indicators of compromise (IoCs) to help site administrators determine whether their installations were targeted.

According to the company, a WordPress website has been compromised if an account with the user ID “rangex” is present in the dashboard.

Site owners may also look through the site’s access logs for particular requests that might indicate a targeted attack.
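The two checks described above, as an added example that is not part of the original article or of Wordfence's guidance: it looks for the “rangex” account in user data shaped like the JSON output of WP-CLI's wp user list --format=json, and counts access-log requests that match a request marker. The sample data is constructed, the article's “user id” is assumed to mean the login name, and the request path is a placeholder because the article does not publish the real one.

```python
import json
import re
from collections import Counter

# IoC from the article: an account named "rangex" in the dashboard.
# Assumption: "user id" in the article means the WordPress login name.
IOC_LOGINS = {"rangex"}

# Constructed sample in the shape of `wp user list --format=json` output.
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_registered": "2019-03-02 10:11:12", "roles": "administrator"},
    {"ID": 7, "user_login": "Rangex ", "user_registered": "2022-09-09 04:15:40", "roles": "administrator"},
    {"ID": 9, "user_login": "guestwriter", "user_registered": "2021-06-01 08:00:00", "roles": "author,subscriber"},
])

# Constructed access-log lines (combined log format). The request path is a
# placeholder: the article does not publish the real request indicator.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Sep/2022:04:15:39 +0000] "POST /PLACEHOLDER-IOC-PATH HTTP/1.1" 200 512 "-" "curl/7.81"
198.51.100.8 - - [09/Sep/2022:04:16:02 +0000] "GET /blog/ HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.5 - - [09/Sep/2022:04:17:10 +0000] "GET /PLACEHOLDER-IOC-PATH?x=1 HTTP/1.1" 403 0 "-" "curl/7.81"
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_ioc_accounts(users_json, ioc_logins=IOC_LOGINS):
    """Return accounts whose login matches an IoC name, ignoring case and padding."""
    wanted = {name.casefold() for name in ioc_logins}
    hits = []
    for user in json.loads(users_json):
        login = str(user.get("user_login", "")).strip().casefold()
        if login in wanted:
            roles = [r.strip() for r in str(user.get("roles", "")).split(",") if r.strip()]
            hits.append({"ID": user.get("ID"), "login": login,
                         "registered": user.get("user_registered"),
                         "is_admin": "administrator" in roles})
    return hits

def requests_matching(log_text, path_marker):
    """Count requests per (client IP, status) whose path contains path_marker."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and path_marker in m.group(3):
            counts[(m.group(1), m.group(4))] += 1
    return counts

if __name__ == "__main__":
    print(find_ioc_accounts(SAMPLE_USERS))
    print(requests_matching(SAMPLE_LOG, "/PLACEHOLDER-IOC-PATH"))
```

The registration timestamp of a matching account gives a starting point for narrowing the access-log window to review.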

The Identified Flaw

The WPGateway zero-day flaw led to 4.6 million attack attempts on websites. The vulnerability was identified as CVE-2022-3180. The verified flaw is highly severe, enabling the attacker to obtain root-level access to the target website. It even allows an adversary acting without authentication to create fraudulent admin accounts.

Malicious actors can create an admin user on the system, enabling them to take control of the whole website if they wish. The researchers found and stopped around 4.6 million attack attempts.

Further information regarding the vulnerability has been withheld because of the ongoing exploitation and to stop other attackers from using the flaw. Users are advised to uninstall the plugin until an update is available.

Recommendations For Addressing This Vulnerability

A zero-day attack occurs when malicious individuals find a security hole in software and use it to break into your WordPress site. Keep in mind that for a vulnerability to be a “zero-day”, the developer must be unaware of the security flaw.

One of the most reliable ways to guard against this vulnerability is to update WordPress core and plugins. Disable any outdated plugins or themes. You can also get a firewall, which adds an extra layer of security to your WordPress site. Rogue Logics provides all the cyber security services you need to achieve your security goals.

Conclusion

The most famous web builder in the world, WordPress, is frequently targeted by cybercriminals. Although the platform as a whole is regarded as secure, the growing number of plugins within it is regularly the weak point that allows for compromise.

Wordfence reports that the vulnerability is still waiting for an official bug fix from the developers. Further information is currently being withheld because no patch is available and the vulnerability is being actively exploited against users.

Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud. Want a consultation with the professionals at Rogue Logics? Contact us and get a free quote.