A vulnerability within the WPGateway premium WordPress plugin has been exploited by threat actors, as found and reported by security analysts from WordFence.

WPGateway Plugin Vulnerability Has Been Exploited

On September 13th, 2022, WordFence's Threat Intelligence team reported in a blog post that a security vulnerability within the WPGateway premium plugin was exploited in the wild by malicious parties.

WPGateway can be used on WordPress sites to install and back up sites, as well as manage and clone themes and plugins. It allows website administrators to carry out actions more easily.

The vulnerability, tracked as CVE-2022-3180, has led to attacks on over 280,000 websites that use the WPGateway plugin. Attackers exploit it to add a rogue, malicious administrator account to a given site, which usually goes by the name "rangex". With that account in place, the attacker can take over the targeted site and do with it what they wish.
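A defensive check built on the indicator described above, added here as an example and not taken from WordFence or the plugin vendor: it reads an administrator list exported with WP-CLI and flags the "rangex" account, plus any administrator missing from an owner-supplied allowlist, since the rogue account only usually carries that name. The allowlist, the function name and the sample export are assumptions constructed for illustration.

```python
import json

# Username the article reports for the rogue administrator (CVE-2022-3180).
IOC_LOGINS = {"rangex"}


def audit_admins(wp_cli_json, expected_admins):
    """Split an administrator export into IoC matches and unexpected admins.

    wp_cli_json is the output of:
      wp user list --role=administrator --format=json
    expected_admins is the set of logins the site owner knows to be
    legitimate (assumption: the owner maintains such a list).
    """
    expected = {name.strip().lower() for name in expected_admins}
    ioc_hits, unexpected = [], []
    for user in json.loads(wp_cli_json):
        # Compare case-insensitively so "RangeX" is not missed.
        login = str(user.get("user_login", "")).strip().lower()
        if login in IOC_LOGINS:
            ioc_hits.append(user)
        elif login not in expected:
            # "Usually" named rangex: any unknown admin still needs review.
            unexpected.append(user)
    return ioc_hits, unexpected


# Constructed sample export; none of these accounts come from a real site.
SAMPLE_EXPORT = json.dumps([
    {"ID": 1, "user_login": "siteowner",
     "user_email": "owner@example.com",
     "user_registered": "2019-03-02 10:15:00"},
    {"ID": 57, "user_login": "RangeX",
     "user_email": "unknown@example.net",
     "user_registered": "2022-09-09 03:41:12"},
    {"ID": 58, "user_login": "helpdesk2",
     "user_email": "unknown2@example.net",
     "user_registered": "2022-09-10 04:02:55"},
])

if __name__ == "__main__":
    hits, extra = audit_admins(SAMPLE_EXPORT, {"siteowner"})
    for user in hits:
        print("IoC match (rogue admin name):", user["user_login"], user["ID"])
    for user in extra:
        print("Admin not on allowlist, review:", user["user_login"], user["ID"])
```

A match on the name is a strong sign of compromise, while an empty result does not prove the site is clean.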

WordFence Claims Millions of Attacks Have Been Blocked

In the aforementioned blog post, WordFence stated that over 4.6 million attacks exploiting the CVE-2022-3180 vulnerability had already been blocked. However, many sites have still been successfully hacked via this zero-day exploit.

At the time of writing, WordFence is remaining tight-lipped about the issue, having only released limited information about the attacks. It is not known whether information relating to the technical side of the exploit will be released in the near future.

WPGateway Is Not the First WordPress Plugin to Be Exploited

Plugin vulnerabilities are nothing new for WordPress. Just days before WordFence announced the WPGateway exploit, another WordPress plugin, known as BackupBuddy, was also exploited via a zero-day flaw. The biggest concern with this security threat was the theft of sensitive data from affected websites.

WordFence was also able to block millions of attacks stemming from this zero-day vulnerability, though some sites were still successfully targeted.

WordPress Security Threats Are a Long-Standing Issue

There are a number of ways through which a malicious actor could target and attack any given WordPress website. This is why it's paramount that WordPress site administrators employ adequate security measures to steer clear of such risks.