To determine whether your website was affected in this ongoing campaign, check for a new user with the username ‘rangex’.
Also, requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in the logs indicate that your site was targeted in the attack, though not necessarily compromised.
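The two checks above can be scripted. The following is an added example, not code from Wordfence or the plugin vendor; it assumes access logs in Combined Log Format, and the sample log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators quoted in the article above.
IOC_SCRIPT = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_USER = "rangex"

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample input (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Sep/2022:10:01:02 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.9 - - [14/Sep/2022:10:05:40 +0000] "GET /wp-login.php HTTP/1.1" 200 4312 "-" "-"',
    '203.0.113.7 - - [14/Sep/2022:10:06:11 +0000] "GET /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 87 "-" "-"',
]

def find_probes(lines):
    """Return (ip, time, method, status) for requests matching the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, when, method, target, status = m.groups()
        # Split by hand: urlsplit() would read the leading '//wp-content'
        # as a host name and drop it from the path.
        path, _, query = target.partition("?")
        # Decode %xx and collapse repeated slashes before comparing.
        path = re.sub(r"/+", "/", unquote(path)).lower()
        if (path.endswith(IOC_SCRIPT)
                and parse_qs(query).get(IOC_PARAM) == ["1"]):
            hits.append((ip, when, method, int(status)))
    return hits

def has_ioc_user(logins):
    """True if the username named in the article is among the site's logins."""
    return any(name.strip().lower() == IOC_USER for name in logins)

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

The login list can be produced with `wp user list --field=user_login`. A log hit alone only shows the site was probed, so the user check decides whether further investigation is needed.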
WPGateway is marketed as a means for site administrators to install, back up, and clone WordPress plugins and themes from a dashboard.
Administrators who do not find a patch are advised to remove the plugin from their WordPress installations until a fix is available. The development comes days after Wordfence warned of in-the-wild abuse of another zero-day flaw in a WordPress plugin called BackupBuddy.
The disclosure also comes as Sansec reported that threat actors broke into the extension license system of FishPig, a vendor of popular Magento-WordPress integrations, to inject malicious code designed to install a remote access trojan called Rekoobe.