Today, the Wordfence Threat Intelligence team warned that WordPress sites are being targeted with exploits for a zero-day vulnerability in the WPGateway plugin.
WPGateway is a WordPress plugin that lets admins simplify several tasks, including backing up and setting up sites and managing themes and plugins from a central dashboard.
This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a malicious user with admin privileges and completely take over sites running the vulnerable WordPress plugin.
Wordfence senior threat analyst Ram Gall said today, “On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.”
He added, “The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days.”
Wordfence disclosed active exploitation of this security bug in the wild, but it did not release additional information regarding these attacks or the vulnerability.
Wordfence says that it wants to prevent further exploitation. WPGateway users are advised to patch their installations before other attackers develop their own exploits and join the attacks.