Shocking cyberattack! 280000 WordPress sites attacked by hackers | Tech News
Home Tech Tech News Shocking cyberattack! 280000 WordPress sites attacked by hackers

Shocking cyberattack! 280000 WordPress sites attacked by hackers

WordPress sites have been attacked by Zero-day vulnerability CVE-2022-3180. More than 280000 are exploited.

By: HT TECH
| Updated on: Sep 15 2022, 15:58 IST
Icon
WordPress
WordPress sites have been attacked by Zero-day vulnerability CVE-2022-3180! (Stephen Phillips/Hostreviews)
WordPress
WordPress sites have been attacked by Zero-day vulnerability CVE-2022-3180! (Stephen Phillips/Hostreviews)

WordPress premium plugin WPGateway has reported a zero-day flaw being actively exploited in the wild. Dubbed as CVE-2022-3180 (CVSS score: 9.8), it is allowing malicious actors to completely take over victim's sites.The bug is being used to add a malicious administrator user to the sites running the WPGateway plugin, said Wordfence. "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," noted Wordfence researcher Ram Gall. Shockingly, as many as 280000 such sites have been attacked.

WPGateway login compromised? Here is how to find out

WPGateway is used to install, backup, and clone WordPress plugins and themes from a unified dashboard. The administrator that is running the compromised plugin comes with the username "rangex." Additionally, the appearance of requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" is also a sign that the WordPress site has been compromised using the flaw.

According to Wordfence, the bug has been used to conduct over 4.6 million attacks attempting to take advantage of the vulnerability against more than 280000 sites in the past 30 days.The operators of WPGateway got to know about the vulnerability on September 8, but it is still an active threat in the wild.

Administrators of WordPress websites utilising WPGateway are advised to search for the addition of an administrator titled ‘rangex.' Since the vulnerability is yet to be patched, users are recommended to remove the plugin from their WordPress installations until a fix is rolled out. “If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” shared Wordfence in a blog post.

This is not the first time that WordPress sites have been exposed to vulnerabilities. Last year, over 90,000 websites were reported to be taken over because of a flaw in Brizy Page Builder that provides users with a ‘no-code' website building experience.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 15 Sep, 15:58 IST
Tags:
Trending: bored of your instagram explore feed? here’s how you can change, reset it mrbeast vs t-series: popular youtuber on the verge of surpassing indian music label in subscribers whatsapp update: new ‘private mention’ feature for status updates coming soon- details how to hide your instagram online status from others solar storm alert: cme could hit earth and spark a geomagnetic storm today, says noaa how to change whatsapp font style and font size in chat window google wallet introduces 'linked passes' setting: what is it and how to use the new feature meta ai: mark zuckerberg unveils features of whatsapp and instagram’s ai chatbot google wallet to launch in india: what is it and how will it be different from google pay apple releases macos sonoma 14.5 public beta 2 update; check new features and know how to get it
NEXT ARTICLE BEGINS

Tips & Tricks

WhatsApp banned
WhatsApp banned my number. What’s the solution? Step-by-step guide to ‘unban’ your account
Consider Tonnage
Don't forget these 5 things while buying ACs online
Productivity
Otter AI: How to use this AI meeting assistant app to automatically take notes, transcripts, more
Pixel 8 Pro's Pro
Know how to master Pro Controls on the Google Pixel 8 Pro - check top 4 tips
ChatGPT Plus
How to edit images generated by DALL-E in ChatGPT: Step-by-step guide

Editor’s Pick

Digi Yatra
Digi Yatra users, delete the old app right now- Here’s how to download the new app and use it at airports
iPhone 15
iPhone 16 leaks summarised: Colours, A-series chip and what more to expect from Apple in 2024
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
HDFC Bank alerts about a few common ‘bad habits’ of smartphone users that make it easy for them to fall prey to hacking attempts and scams.
Online scams: 5 habits of smartphone users that make life easy for hackers, warns HDFC Bank
Moto Edge 50 Pro
Motorola Edge 50 Pro review: Should you buy this new AI smartphone under 35,000?

Trending Stories

Dbrand
MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
GTA_6
GTA 6 leaks: What we know so far about Grand Theft Auto 6
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
Google Vids
Google Vids- All details about this new AI video app and how to use it
iPhone 13
Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
keep up with tech

Gaming

Free Fire Max release date
Garena Free Fire MAX Redeem Codes for April 20: Avatars, weapons skins and more on offer
Garena Free Fire redeem codes for April 20
Garena Free Fire Redeem Codes for April 20: Tips and tricks to become pro player earlyUntitled Story
GTA 6: From main protagonists to supporting figures, all the key characters in Grand Theft Auto 6
GTA 6: From main protagonists to supporting figures, all the key characters in Grand Theft Auto 6
Garena Free Fire MAX Redeem Codes for April 19
Garena Free Fire MAX Redeem Codes for April 19: SCAR Ring event bring menacing weapon skins!
Garena Free Fire Redeem Codes for April 19
Garena Free Fire Redeem Codes for April 19: OB44 update rolled out, know what’s new

Best Deals For You

Unbeatable Launch Offer
Redmi Buds 5 launched in India with AI Voice Enhancement; Check features, price and more
Oppo F23
10 Best Oppo phones under 25000: Performance without the premium price
iQOO 12
iQOO anniversary offers on iQOO 12, iQOO Neo 9 Pro and more announced; Check details
OnePlus 12 Open Sales in India
OnePlus 12 open sale announced! Check deal, specs and features here
Apple MacBook Air Laptop M1
10 best laptops under 1 lakh: ASUS, Dell to Apple, here is a Christmas gift guide for you

    Trending News

    MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
    Dbrand
    GTA 6 leaks: What we know so far about Grand Theft Auto 6
    GTA_6
    10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
    STScI-01HFQ5YXZ04PF608HQB0KRTF3S
    Google Vids- All details about this new AI video app and how to use it
    Google Vids
    Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
    iPhone 13

    Trending Gadgets

    Mobiles Laptops Tablets