WordPress - WPGateway Vulnerability - CVE-2022-3180

This WordPress plugin contains a zero-day flaw

A new zero-day security flaw affects the latest version of the “WPGateway” extension for WordPress. By exploiting this vulnerability, cybercriminals can take full control of vulnerable sites.

WPGateway is a WordPress plugin that provides a single dashboard for managing several WordPress sites. From that dashboard you can handle a range of tasks: configuration management, themes, other plugins, backups and so on.

The latest version of WPGateway contains a zero-day vulnerability tracked as CVE-2022-3180, with a CVSS score of 9.8 out of 10. According to the Wordfence Threat Intelligence team, this vulnerability is being actively exploited in attacks. Wordfence reports that it blocked more than 4.6 million attacks exploiting this vulnerability, against a total of 280,000 targeted sites, within the last 30 days.

This level of activity is easy to understand: by exploiting the vulnerability, an attacker can create an administrator account, which gives them access to the various managed sites, all without needing to be authenticated.

The most common indicator of compromise on a site running this plugin is the presence of an administrator account with the username “rangex”. In addition, a request in the logs of the form “/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1” shows that an attempt was made to exploit the vulnerability. Although that alone does not mean your site is compromised, it is advisable to carry out the necessary checks (in particular, reviewing the list of administrator accounts).
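To turn the two indicators above into something you can run, here is an added example (not code from the article or from Wordfence) that scans web-server access-log lines for the documented exploit-attempt request and flags unexpected administrator usernames, with “rangex” listed first. It assumes Apache/nginx combined log format; the log lines and the user lists below are constructed samples, and the helper names are my own.

```python
import re
from urllib.parse import urlparse, parse_qs

# Exploit-attempt indicator named in the advisory: a request to the plugin's
# web-service endpoint carrying wp_new_credentials=1.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"

# Administrator username the advisory names as the most common sign of compromise.
IOC_ADMIN_USERNAME = "rangex"

# Apache/nginx combined log format (assumption): client, ident, user, [time],
# "METHOD target protocol", status, ...  Only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def is_exploit_attempt(target: str) -> bool:
    """True when a request target matches the documented exploit pattern.

    endswith() is used because WordPress may live in a sub-directory (e.g. /blog/).
    A request to the endpoint without wp_new_credentials=1 is deliberately NOT
    flagged, to stay within what the advisory describes.
    """
    parsed = urlparse(target)
    if not parsed.path.lower().endswith(IOC_PATH):
        return False
    params = parse_qs(parsed.query)
    return params.get(IOC_PARAM, [""])[0] == "1"


def scan_access_log(lines):
    """Return one dict per exploit-attempt request: client, time and HTTP status.

    Blocked attempts (403 etc.) are still reported: they show the site is being
    targeted even if the request did not succeed.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparsable or differently formatted line; skip it
        if is_exploit_attempt(m.group("target")):
            hits.append({
                "client": m.group("client"),
                "time": m.group("time"),
                "status": int(m.group("status")),
            })
    return hits


def suspicious_admins(admin_usernames, expected_admins):
    """Return administrator usernames not in the expected set, known IoC first."""
    expected = {u.lower() for u in expected_admins}
    unknown = [u for u in admin_usernames if u.lower() not in expected]
    return sorted(unknown, key=lambda u: (u.lower() != IOC_ADMIN_USERNAME, u.lower()))


# Constructed sample log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [13/Sep/2022:10:01:02 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Sep/2022:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [13/Sep/2022:10:02:30 +0000] "POST /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1&x=y HTTP/1.1" 403 0 "-" "curl/7.68.0"',
    '192.0.2.44 - - [13/Sep/2022:10:03:00 +0000] "GET /wp-content/plugins/wpgateway/wpgateway-webservice-new.php HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"exploit attempt from {hit['client']} at {hit['time']} (HTTP {hit['status']})")
    # Constructed admin list; on a real site feed in the output of
    # `wp user list --role=administrator --field=user_login` instead.
    for user in suspicious_admins(["admin", "rangex", "editor_jane"], ["admin"]):
        print(f"unexpected administrator account: {user}")
```

Feed `scan_access_log` your real access log (one line per entry) and `suspicious_admins` the administrator usernames from the dashboard or from WP-CLI; any hit from the first is a reason to review the second, and an unknown admin name, above all “rangex”, should be treated as a compromised site rather than a false alarm.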

At the moment there is no fix, so it is strongly recommended to remove this plugin if you are using it, and to check the WordPress dashboard for malicious administrator accounts. You can reinstall it later once a fix is available; in the meantime the site is no longer exposed.



#WordPress #plugin #zeroday #flaw
