A zero-day vulnerability in a premium WordPress plugin is being actively exploited in the wild, researchers say, and they are urging users to remove the plugin from their sites until a patch is released.
The makers of Wordfence, a WordPress security plugin, have discovered a bug in WPGateway, a premium plugin that lets admins manage other WordPress plugins and themes from a single dashboard.
According to the researchers, the bug is tracked as CVE-2022-3180 and carries a severity score of 9.8. It allows attackers to create an administrator user on the site, meaning they can take over the entire website if they wish.
“Some plugin functionality exposes a vulnerability that allows unauthenticated attackers to inject a malicious administrator,” said Ram Gall, Wordfence researcher.
Wordfence added that it successfully blocked more than 4.6 million attacks against more than 280,000 websites in the last month alone. Because those figures cover only sites protected by Wordfence, the number of websites attacked (and possibly compromised) is likely to be much, much larger.
A patch for the bug isn’t yet available, the researchers said, and there’s no workaround. The only way to stay safe for now is to completely remove the plugin from the site and wait for the patch to arrive, the researchers pointed out.
Webmasters looking for indicators of compromise should check their sites for administrator accounts named rangex. They should also check the access logs for requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1”, as this is a sign of an attempted breach; it does not, however, necessarily mean the attempt was successful.
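The two indicators above can be checked without waiting for the patch. The script below is an added example (not Wordfence's code): it scans access-log lines for the WPGateway endpoint with wp_new_credentials=1, normalising the doubled leading slash, and flags an administrator account named rangex; the log lines and user rows are constructed sample data, and the (user_login, role) rows are assumed to have been pulled from wp_users/wp_usermeta already.

```python
import re
from urllib.parse import parse_qs

# Indicators from the advisory: the WPGateway web-service endpoint queried
# with wp_new_credentials=1, and an injected administrator named "rangex".
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_ADMIN_USER = "rangex"

# Common Log Format: client - - [time] "METHOD path HTTP/x" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


def is_ioc_request(path_and_query):
    """True if the request hits the WPGateway endpoint with wp_new_credentials=1."""
    # Split manually: urlparse would read a leading "//" as a host name.
    path, _, query = path_and_query.partition("?")
    path = re.sub(r"/+", "/", path)  # "//wp-content/..." -> "/wp-content/..."
    if not path.endswith(IOC_PATH):
        return False
    return parse_qs(query).get(IOC_PARAM) == ["1"]


def scan_access_log(lines):
    """Return (client_ip, timestamp, status) for each matching request.
    A 2xx status only shows the endpoint answered; it does not prove an
    account was created, so each hit still needs the wp_users check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_ioc_request(m.group(4)):
            hits.append((m.group(1), m.group(2), int(m.group(5))))
    return hits


def suspicious_admins(users):
    """users: iterable of (user_login, role) rows; flag the known IoC account."""
    return [login for login, role in users
            if role == "administrator" and login == IOC_ADMIN_USER]


# Constructed sample data, not real traffic or a real site:
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Sep/2022:10:01:02 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512',
    '198.51.100.2 - - [13/Sep/2022:10:01:05 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 1024',
    '203.0.113.7 - - [13/Sep/2022:10:02:11 +0000] "POST /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 403 0',
]
SAMPLE_USERS = [("editor_jane", "editor"), ("rangex", "administrator"), ("admin", "administrator")]

if __name__ == "__main__":
    for ip, ts, status in scan_access_log(SAMPLE_LOG):
        print(f"IoC request from {ip} at {ts} (HTTP {status})")
    for login in suspicious_admins(SAMPLE_USERS):
        print(f"suspicious administrator account: {login}")
```

Feed it real access-log lines and a dump of administrator logins to triage a site; a matching request with a 2xx response plus a rangex account is the combination that warrants a full compromise review.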
Further details are scarce at the moment as the bug is actively exploited and the fix is not yet available.
WordPress is the world’s most popular website builder and, as such, is constantly under attack by cyber criminals. While the platform itself is generally considered secure, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.
Via: The Hacker News