Active Exploitation of a Zero-Day Vulnerability in WPGateway Plugin

Published on 14 Sep 2022

Updated on 14 Sep 2022

Wordfence Threat Intelligence team has released a security advisory to address a zero-day vulnerability (CVE-2022-3180) in WPGateway plugin, which offers its users a way to setup and manage WordPress sites from a single dashboard. The vulnerability is reportedly being actively exploited.

Successful exploitation of the privilege escalation vulnerability could allow an unauthenticated attacker to add a rogue account with administrator privileges to completely take over sites running the vulnerable WPGateway plugin.

A patch for the vulnerability is currently not available. In the meantime, administrators and users of WordPress sites are strongly advised to remove the WPGateway plugin immediately until a patch is made available and check for suspicious administrator accounts in the Wordpress dashboard.

More information is available here:

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/