Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A recent zero-day vulnerability in a premium WordPress plugin known as WPGateway is being actively exploited in the wild to allow attackers to take full control of vulnerable sites.

Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being exploited to add a malicious administrator user to sites running the WPGateway plugin, according to WordPress security company Wordfence.

"Part of the plugin's functionality exposes a vulnerability that could allow unauthenticated attackers to install a malicious admin," said Wordfence researcher Ram Gal.

WPGateway is a premium plugin that lets site administrators install, maintain and remove WordPress plugins and themes from a single integrated control panel.

The most common indicator that a site running the plugin has been compromised is the presence of an unexpected administrator account, most often one with the username "rangex", which the attackers create through the vulnerability.

Requests for "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" in the site's access logs are likewise a sign that the site has been targeted using this vulnerability. A logged request alone does not mean the attack succeeded; an unexpected administrator account is what confirms a compromise.
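The two indicators above can be checked mechanically. The following Python script is an added example, not code from the article or from Wordfence: it scans access-log lines in the common/combined log format for the published request path and query parameter, normalising the doubled leading slash seen in attack traffic, and then compares the site's administrator usernames (as listed by `wp user list --role=administrator --field=user_login`) against the owner's expected set and the known malicious username. The log lines and usernames are constructed sample input.

```python
import re
from urllib.parse import parse_qs

# Indicator published by Wordfence for CVE-2022-3180 exploitation attempts.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"

# Administrator username Wordfence reported as the most common sign of compromise.
KNOWN_MALICIOUS_ADMINS = {"rangex"}

# Common / combined log format: client ip ... [timestamp] "METHOD target HTTP/x.y" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic). Line 1 is a probe that got a
# 200, line 3 the same probe blocked with a 403, line 4 hits the script without
# the wp_new_credentials parameter and is not counted.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Sep/2022:10:14:03 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Sep/2022:10:14:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Sep/2022:10:15:21 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 403 199 "-" "curl/7.85.0"
192.0.2.44 - - [12/Sep/2022:10:16:00 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
"""


def is_wpgateway_probe(target: str) -> bool:
    """True if a request target hits the WPGateway web service with wp_new_credentials set."""
    # Split manually rather than with urlsplit(): a target starting with "//"
    # would otherwise be parsed as a network location and lose the path.
    path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", path)          # collapse "//wp-content" to "/wp-content"
    if not path.endswith(IOC_PATH):          # endswith() also covers subdirectory installs
        return False
    return IOC_PARAM in parse_qs(query)


def scan_access_log(lines):
    """Return (ip, timestamp, status, target) for every line matching the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_wpgateway_probe(m["target"]):
            hits.append((m["ip"], m["ts"], int(m["status"]), m["target"]))
    return hits


def suspicious_admins(admin_usernames, expected_admins):
    """Administrator usernames that are either the known malicious name or not on the
    owner's expected list. A hit here, unlike a log hit, indicates actual compromise."""
    return sorted(
        u for u in admin_usernames
        if u in KNOWN_MALICIOUS_ADMINS or u not in expected_admins
    )


if __name__ == "__main__":
    for ip, ts, status, target in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"probe from {ip} at {ts}: HTTP {status} {target}")
    # Constructed admin list, as if produced by wp user list --role=administrator
    site_admins = ["alice", "rangex", "bob"]
    print("investigate:", suspicious_admins(site_admins, expected_admins={"alice"}))
```

A 403 on the probe usually means a firewall rule blocked it, while a 200 only shows the request reached the script; in both cases the administrator check, not the log, decides whether the site was actually compromised.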

Wordfence says it has blocked more than 4.6 million attacks attempting to exploit the vulnerability against more than 280,000 sites over the past 30 days.

Further technical details of the vulnerability are being withheld to prevent other actors from exploiting it. In the absence of a fix, users are advised to remove the plugin from their WordPress installations until a patched version is available.

The development comes days after another zero-day bug was reported in a WordPress plugin called BackupBuddy that was also being actively exploited in the wild.

It also follows findings from Sansec that attackers compromised the extension licensing system of Magento-WordPress integration provider FishPig to inject malicious code designed to install a remote access trojan called Rekoobe.

Did you find this article interesting? Follow THN on Facebook, Twitter and LinkedIn for more exclusive content we post.
