WordPress zero-day vulnerability compromised more than 280,000 websites: Researchers

Security researchers recently discovered that a zero-day vulnerability in a popular WordPress plugin is being actively exploited by attackers. WPGateway is a commonly used plugin that allows admins to manage other WordPress plugins and themes from a single dashboard. Researchers at Wordfence, a WordPress security plugin maker, have disclosed a flaw in WPGateway (as spotted by The Hacker News) which is tracked as CVE-2022-3180 and is said to carry a severity score of 9.8.
In the last 30 days, Wordfence has blocked over 4.6 million attacks against more than 280,000 sites. The security plugin maker also suggests that the number of attacked websites (which might also be compromised) is likely to be much larger than the number already discovered.
What is WordPress and what does it mean for internet users?
WordPress is a free and open-source website-building platform that powers numerous websites on the internet. Technically speaking, WordPress is an open-source content management system (CMS) software that anyone can use or modify for free. A CMS is a tool that can be used to easily manage other aspects of a website — like content — and it allows users to access the backend of the site without even knowing programming.

In other words, WordPress makes website building accessible to common users who are not developers. The software includes features such as a plugin architecture and a template system, also known as themes. As one of the world’s most popular website builders, WordPress is constantly under attack by cybercriminals. While the platform itself is considered safe, its many plugins act as a weak link that exposes the software.
Internet users who make their own blogs and websites using WordPress should be concerned with the compromised WPGateway plugin as hackers can take control of the website without the owner knowing. Admins who manage major websites of various companies should also be aware of this vulnerability as their sites are also not safe. Cyber attackers can also steal user data from compromised websites.
WordPress WPGateway plugin vulnerability: How it can be exploited
Attackers can exploit the flaw to add a new admin user to the site, which allows them to compromise the entire website if they want. Ram Gall, a researcher at Wordfence, has said that “Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator.”
WordPress WPGateway plugin vulnerability: How you can evade it
Wordfence has recommended that admins look out for indicators that their websites have been compromised. The researchers have mentioned that admins should check their websites for admin accounts named “rangex”. Admins should also keep an eye out for requests such as “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” in the access logs, which can indicate an attempted breach. This specific request doesn’t necessarily mean that the breach attempt has been successful.

Meanwhile, researchers have also mentioned that a fix for this vulnerability is not available and workarounds are also currently not possible. So, the only way to keep the websites safe (temporarily) is to remove the plugin from the website and wait for the fix to arrive.
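
The access-log check described above can be automated. The following is an added example, not code from Wordfence or from the original article; it assumes the web server writes Apache/Nginx combined log format, and the sample log lines, IP addresses and timestamps are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicator from the article: a request to the WPGateway web-service script
# that carries the wp_new_credentials=1 parameter.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"

# Apache/Nginx combined log format (an assumption about the server's layout).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"
198.51.100.23 - - [10/Sep/2022:04:15:44 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Sep/2022:05:02:10 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 196 "-" "-"
198.51.100.23 - - [10/Sep/2022:05:30:00 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php HTTP/1.1" 200 10 "-" "-"
"""

def find_wpgateway_probes(lines):
    """Return one dict per log line that matches the article's indicator."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        # Split by hand: a URL parser would read a leading "//" as a hostname.
        raw_path, _, raw_query = m["target"].partition("?")
        # Normalise so "//", "/" and %-encoded or mixed-case variants all match.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        params = parse_qs(raw_query, keep_blank_values=True)
        if path == IOC_PATH and "1" in params.get("wp_new_credentials", []):
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "method": m["method"], "status": int(m["status"])})
    return hits

if __name__ == "__main__":
    for hit in find_wpgateway_probes(SAMPLE_LOG.splitlines()):
        print(hit)
```

A hit records an attempt, not a confirmed compromise, so any match should be followed by a review of the site's administrator accounts for the “rangex” user.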
