Shocking cyberattack! 280000 WordPress sites attacked by hackers
WordPress sites have been attacked by Zero-day vulnerability CVE-2022-3180. More than 280000 are exploited.
WordPress premium plugin WPGateway has reported a zero-day flaw being actively exploited in the wild. Dubbed as CVE-2022-3180 (CVSS score: 9.8), it is allowing malicious actors to completely take over victim's sites.The bug is being used to add a malicious administrator user to the sites running the WPGateway plugin, said Wordfence. "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," noted Wordfence researcher Ram Gall. Shockingly, as many as 280000 such sites have been attacked.
WPGateway login compromised? Here is how to find out
WPGateway is used to install, backup, and clone WordPress plugins and themes from a unified dashboard. The administrator that is running the compromised plugin comes with the username "rangex." Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" is also a sign that the WordPress site has been compromised using the flaw.
According to Wordfence, the bug has been used to conduct over 4.6 million attacks attempting to take advantage of the vulnerability against more than 280000 sites in the past 30 days.The operators of WPGateway got to know about the vulnerability on September 8, but it is still an active threat in the wild.
Administrators of WordPress websites utilising WPGateway are advised to search for the addition of an administrator titled ‘rangex.' Since the vulnerability is yet to be patched, users are recommended to remove the plugin from their WordPress installations until a fix is rolled out. “If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” shared Wordfence in a blog post.
This is not the first time that WordPress sites have been exposed to vulnerabilities. Last year, over 90,000 websites were reported to be taken over because of a flaw in Brizy Page Builder that provides users with a ‘no-code' website building experience.