Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.

Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence noted.

“A part of the plugin performance exposes a vulnerability that permits unauthenticated attackers to insert a malicious administrator,” Wordfence researcher Ram Gall said in an advisory.


WPGateway is billed as a means for site administrators to install, back up, and clone WordPress plugins and themes from a unified dashboard.

The most common indicator that a website running the plugin has been compromised is the presence of an administrator with the username “rangex.”

Additionally, the appearance of requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” in the access logs is a sign that the WordPress site has been targeted using the flaw, although it doesn't necessarily imply a successful breach.
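The two indicators above can be checked together. The following is an added example, not code from Wordfence or the plugin vendor; it assumes access logs in Combined Log Format and a list of administrator logins exported from the site, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators stated in the article above.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_ADMIN = "rangex"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def is_probe(target):
    """True if a request target matches the WPGateway indicator."""
    # Split by hand: urlsplit() would read the leading "//" as a hostname.
    path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(path))  # collapse "//", decode %2F
    params = parse_qs(query, keep_blank_values=True)
    return path.endswith(IOC_PATH) and IOC_PARAM in params

def scan_access_log(lines):
    """Return (ip, time, status) for every request matching the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_probe(m["target"]):
            hits.append((m["ip"], m["time"], int(m["status"])))
    return hits

def triage(log_lines, admin_logins):
    """A 'rangex' admin suggests compromise; log hits alone only show targeting."""
    if any(u.strip().lower() == IOC_ADMIN for u in admin_logins):
        return "likely compromised"
    return "targeted" if scan_access_log(log_lines) else "no indicators"

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [10/Sep/2022:04:13:44 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2022:09:30:10 +0000] "GET /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.55 - - [11/Sep/2022:10:00:00 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("probe:", hit)
    print(triage(SAMPLE_LOG, ["admin", "editor-in-chief"]))
```

The match is on the path suffix so installs under a subdirectory are caught, and the request method is ignored because the article does not specify one.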

Wordfence said it blocked over 4.6 million attacks attempting to take advantage of the vulnerability against more than 280,000 sites in the past 30 days.

Further details about the vulnerability have been withheld owing to active exploitation and to prevent other actors from taking advantage of the shortcoming. In the absence of a patch, users are recommended to remove the plugin from their WordPress installations until a fix is available.


The development comes days after Wordfence warned of in-the-wild abuse of another zero-day flaw in a WordPress plugin called BackupBuddy.

The disclosure also arrives as Sansec revealed that threat actors broke into the extension license system of FishPig, a vendor of popular Magento-WordPress integrations, to inject malicious code that's designed to install a remote access trojan called Rekoobe.
