Zero-Day Vulnerability Discovered in WPGateway plugin Actively Exploited

A zero-day vulnerability in the latest WPGateway WordPress premium plugin is being actively exploited in the wild, allowing malicious actors to take over affected sites completely.

“Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator,” Wordfence researcher Ram Gall said in an advisory

Tracked as CVE-2022-3180 (CVSS score: 9.8), the flaw is being harnessed to add a malicious superuser to sites running the WPGateway plugin, according to Wordfence a WordPress security firm.

What is WPGateway plugin?

WPGateway provides WordPress payment gateway plugins for different applications including WooCommerceNinja Forms, and Gravity Forms from a unified dashboard.

Is my WPGateway compromised? 

The most common indicator that your WPGateway plugin has been compromised is the presence of an administrator account with the username “rangex.”

Additionally, checking on the access log the appearance of requests to “//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” is a sign that your site has recently been targeted using the zero-day flaw, although it doesn’t mean you are compromised.

Wordfence reported that in the last 30 days, it blocked over 4.6 million attacks attempting to exploit the vulnerability against over 280,000 sites.  

Further details about the WPGateway zero-day flaw have been withheld due to active exploitation and to prevent other actors from exploiting it. In the absence of a patch, users should uninstall the plugin from their WordPress until a fix is available.

The news comes just days after Wordfence warned of widespread exploitation of another zero-day flaw in the BackupBuddy WordPress plugin.

The disclosure comes as Sansec revealed that threat actors broke into the extension license system of FishPig, a vendor of popular Magento-WordPress integrations, to inject malicious code designed to install the Rekoobe remote access trojan.

23 thoughts on “Zero-Day Vulnerability Discovered in WPGateway plugin Actively Exploited”

  1. I am a website designer. Recently, I am designing a website template about The boss’s requirements are very strange, which makes me very difficult. I have consulted many websites, and later I discovered your blog, which is the style I hope to need. thank you very much. Would you allow me to use your blog style as a reference? thank you!

  2. I may need your help. I’ve been doing research on gate io recently, and I’ve tried a lot of different things. Later, I read your article, and I think your way of writing has given me some innovative ideas, thank you very much.

  3. Hello! I just would like to give a huge thumbs up for the great info you have here on this post. I will be coming back to your blog for more soon.

  4. I love what you guys are usually up too. This sort of clever work and exposure! Keep up the amazing works guys I’ve added you guys to my own blogroll.

  5. I was wondering if you ever thought of changing the layout of your site? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having one or 2 pictures. Maybe you could space it out better?

  6. hey there and thanks in your information – I’ve certainly picked up something new from right here. I did then again expertise a few technical issues the usage of this site, since I skilled to reload the web site lots of occasions prior to I may just get it to load properly. I have been thinking about in case your web host is OK? No longer that I am complaining, but sluggish loading instances times will often have an effect on your placement in google and can harm your quality ranking if ads and ***********|advertising|advertising|advertising and *********** with Adwords. Anyway I’m adding this RSS to my e-mail and can glance out for much extra of your respective intriguing content. Make sure you update this again soon..

  7. I¦ll immediately grasp your rss feed as I can’t to find your email subscription hyperlink or e-newsletter service. Do you have any? Kindly allow me recognise in order that I could subscribe. Thanks.

  8. Great post. I used to be checking constantly this blog and I’m impressed! Extremely useful information specially the last phase 🙂 I take care of such information a lot. I was looking for this particular information for a very lengthy time. Thanks and good luck.

  9. Magnificent beat ! I wish to apprentice even as you amend your website, how can i subscribe for a blog site? The account helped me a appropriate deal. I were tiny bit acquainted of this your broadcast offered vivid clear idea

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top