
WordPress plugin vulnerability leaves sites open to total takeover

Customers on WordFence's paid tiers get protection from the WPGateway exploit right away, but those on the free tier face a 30-day delay


Security firm WordFence has warned of an actively exploited vulnerability in a widely-used WordPress plugin that could leave websites totally exposed to hackers.

WPGateway is a paid plugin that gives WordPress users the ability to manage their website from a centralised dashboard. The flaw, designated CVE-2022-3180, allows threat actors to add their own profile with administrator access to the dashboard and completely take over a victim’s website.


WordFence, which provides a firewall service for WordPress websites, released a rule to block the exploit for paying customers on its Premium, Care and Response packages ($99, $490 and $950 per year respectively).

However, customers using its free package will not receive protection against attacks until October 8, which could leave small or medium businesses exposed.

For a business, a total website takeover could lead to the exfiltration of sensitive financial information, or to the destruction of vital data or even the entire website. Alternatively, threat actors could use that control to launch phishing or malware campaigns through trusted websites, which could cause widespread damage to systems and inflict reputational damage on the affected companies.

A similar strategy was recently observed in threat actors targeting Facebook Business or Ad accounts, with the aim of changing payment information on the administrator-side to channel money intended for the company directly to the threat actors.

WordFence claims that its firewall has detected and blocked more than 4.6 million attacks targeting the WPGateway vulnerability, across over 280,000 websites in the past month alone. The operators of WPGateway were informed of the vulnerability on September 8, but it is still believed to be an active threat in the wild.

Administrators of WordPress websites utilising WPGateway have been advised to be on the lookout for the addition of an administrator account named ‘rangex’, which indicates that the website has been breached by threat actors.

Log entries showing a request to '//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1' also indicate that the website has been targeted by the exploit, but, unlike the rogue user described above, they are not certain evidence that a takeover has already happened.
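The two indicators above (the rogue ‘rangex’ administrator and the request path in the web server logs) can be checked with a short triage script. The following is an added example, not code from Wordfence or WPGateway; it assumes Apache/nginx "combined" format access logs and a user list shaped like the output of WP-CLI's `wp user list --format=json`, and the sample log lines and users are constructed.

```python
# Added defensive triage example for the two WPGateway indicators above; not
# Wordfence or WPGateway code. Assumes Apache/nginx "combined" access logs and a
# user list shaped like WP-CLI's `wp user list --format=json` output.
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter quoted in the Wordfence indicator; rogue account name.
EXPLOIT_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
EXPLOIT_PARAM = "wp_new_credentials"
ROGUE_ADMIN = "rangex"

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def is_exploit_request(target):
    """True if the request target is the WPGateway credential endpoint.
    Collapses repeated slashes and URL encoding so the '//' form quoted in
    the indicator and trivially encoded variants are still matched."""
    path, _, query = unquote(target).partition("?")
    path = re.sub(r"/+", "/", path).lower()
    return path == EXPLOIT_PATH and EXPLOIT_PARAM in parse_qs(
        query, keep_blank_values=True)

def find_exploit_requests(log_lines):
    """Return (ip, time, status) for each log line that hit the endpoint."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_exploit_request(m.group("target")):
            hits.append((m.group("ip"), m.group("time"), int(m.group("status"))))
    return hits

def find_rogue_admins(users):
    """users: dicts with 'user_login' and comma-separated 'roles'. Flags the
    rogue login only when it actually holds the administrator role."""
    return [u["user_login"] for u in users
            if u["user_login"].lower() == ROGUE_ADMIN
            and "administrator" in u.get("roles", "").split(",")]

# Constructed sample input (documentation addresses, not real traffic or users).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2022:03:14:07 +0000] "GET //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Sep/2022:03:15:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Sep/2022:03:16:22 +0000] "POST /wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 128 "-" "curl/7.85"',
]
SAMPLE_USERS = [{"user_login": "editor1", "roles": "editor"},
                {"user_login": "rangex", "roles": "administrator"}]
```

A hit in `find_exploit_requests` means the site was targeted; only a match from `find_rogue_admins` (or any other unexpected administrator) should be treated as evidence that the takeover succeeded.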

“If you have the WPGateway plugin installed, we urge you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard,” advised Wordfence in a blog post.

WordPress plugins have exposed sites to similar vulnerabilities in the past. Last year, over 90,000 websites were put at risk of total takeover because of a flaw in Brizy Page Builder, a plugin that provides users with a ‘no-code’ website building experience. In 2020, hackers exploited similar flaws in the Elementor plugin to install backdoors into a website’s CMS for total control.

IT Pro has approached WordFence for comment.
