A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers are saying, urging users to remove it from their websites until a patch is released.
WordPress security plugin makers Wordfence
uncovered a flaw in WPGateway, a premium plugin helping admins manage other
WordPress plugins and themes from a single dashboard.
According to the researchers, the flaw is tracked as
CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to
create an admin user on the platform, meaning they’d have the ability to take
over the entire website if they so pleased.
Millions of attacks
"Part of the plugin functionality exposes a
vulnerability that allows unauthenticated attackers to insert a malicious
administrator," said Ram Gall, Wordfence researcher.
Wordfence added that it successfully blocked more than 4.6
million attacks against more than 280,000 sites in the last month alone.
That also means that the number of attacked (and possibly compromised) websites
is probably much, much larger.
A patch for the flaw is not yet available, the researchers
said, and there is no workaround. The only way to stay safe, for the time
being, is to remove the plugin from the website altogether, and wait for the
patch to arrive, researchers stressed.
Webmasters looking for indicators of compromise should check
their sites for admin accounts named “rangex”. Furthermore, they should look
for requests to
"//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1"
in the access logs, as that is a sign of an attempted breach. This sign,
however, doesn’t necessarily mean it was successful.
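
One way to run the access-log check described above, as an added example that is not from Wordfence or the original article. It assumes logs in common/combined format; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicator reported in the article (path plus query parameter).
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_ioc_requests(lines):
    """Return ip/time/method/status for every request matching the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Split by hand: urlsplit() would read a leading "//" as a hostname.
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx escapes, collapse repeated slashes, ignore case.
        path = re.sub(r"/+", "/", unquote(raw_path)).lower()
        if path != IOC_PATH:
            continue
        if IOC_VALUE not in parse_qs(query).get(IOC_PARAM, []):
            continue
        hits.append({k: m[k] for k in ("ip", "time", "method", "status")})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [10/Sep/2022:04:13:40 +0000] "POST /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?x=y&wp_new_credentials=1 HTTP/1.1" 404 153 "-" "-"',
    '198.51.100.24 - - [10/Sep/2022:04:14:02 +0000] "GET /wp-content/plugins/wpgateway/wpgateway%2Dwebservice%2Dnew.php?wp_new_credentials=1 HTTP/1.1" 403 99 "-" "-"',
    '192.0.2.10 - - [10/Sep/2022:04:15:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.11 - - [10/Sep/2022:04:16:00 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 700 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_ioc_requests(SAMPLE_LOG):
        # A match is an attempt; the status code alone does not prove success.
        print(hit)
```

Any hit is worth following up with a check of the site's user list for an administrator named “rangex”.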
Other details are scarce for the moment, given the fact that
the flaw is being actively exploited, and that the fix is not yet available.
WordPress is the world’s most popular
website builder, and as such, is under constant attack by cybercriminals. While
the platform itself is generally considered safe, its plugins, of which there
are hundreds of thousands, are often the weak link that leads to compromise.