Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites.
The Wordfence Threat Intelligence team reported that threat actors are actively exploiting a zero-day vulnerability (CVE-2022-3180) in the WPGateway premium plugin in attacks aimed at WordPress sites.
WPGateway is a premium plugin that allows users of the WPGateway cloud service to set up and manage WordPress sites from a single dashboard.
The CVE-2022-3180 flaw is a privilege escalation issue: an unauthenticated attacker can trigger it to add a rogue user with admin privileges and completely take over sites running the vulnerable WordPress plugin.
The company did not share technical details about the attacks, to prevent further exploitation in the wild.
However, the company shared indicators of compromise (IoCs) to allow WordPress admins to determine if their WordPress site has been compromised.