WPGateway: Vulnerability gives attackers WordPress admin access

A vulnerability in the WordPress plugin WPGateway allows attackers to gain admin rights and attack the affected WordPress websites. Security updates are not yet available.

 

WordPress administrators who use the WPGateway plugin to manage their websites should temporarily disable it for security reasons. The recently discovered critical vulnerability CVE-2022-3180 is already being actively exploited by hackers. It is not yet known when a security patch will be released.

 

Vulnerability is exploitable without authentication

The vulnerability was discovered by security researchers at Wordfence. Their report provides hardly any details, so as not to provoke additional attacks. However, it is known that the vulnerability can probably be exploited without authentication. Attackers can thus create accounts with admin rights themselves and completely compromise the affected websites. The Wordfence researchers have already documented 4.6 million attempted attacks of this type.

 

Detect attack attempts

If a site is affected, an admin user named “rangex” is listed in the WordPress dashboard. Another clear indication can be found in the log file, where admins should look out for this suspicious request:

//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1

Caution: An attempted attack does not necessarily mean that the website in question has been compromised. However, urgent measures should be taken – starting with disabling the WPGateway plugin.
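The following added example (not from Wordfence or the original article) runs both checks described above and keeps them apart: log hits count as attempts, and only the “rangex” admin account counts as a compromise indicator. The common/combined access log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators taken from the article above.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM, IOC_VALUE = "wp_new_credentials", "1"
IOC_ADMIN = "rangex"

# Assumption: common/combined access log format. Any HTTP method is matched,
# because the article does not say which one the requests use.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def is_probe(target):
    """True if a request target matches the path and query parameter above."""
    # Split by hand: urlsplit() would read the leading "//" as a host name.
    raw_path, _, raw_query = target.partition("?")
    path = re.sub(r"/{2,}", "/", unquote(raw_path))
    return path == IOC_PATH and IOC_VALUE in parse_qs(raw_query).get(IOC_PARAM, [])

def scan(log_lines, admin_logins):
    """Separate attack attempts (log hits) from the compromise indicator (user)."""
    attempts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and is_probe(m["target"]):
            attempts.append((m["ip"], m["ts"], int(m["status"])))
    rogue = any(name.strip().lower() == IOC_ADMIN for name in admin_logins)
    verdict = ("compromise indicator" if rogue
               else "attempt only" if attempts else "no indicators")
    return {"attempts": attempts, "rogue_admin": rogue, "verdict": verdict}

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2023:10:01:02 +0000] "GET //wp-content/plugins/'
    'wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 153',
    '198.51.100.4 - - [01/Jan/2023:10:01:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2310',
    '203.0.113.9 - - [01/Jan/2023:10:02:11 +0000] "GET /wp-content/plugins/wpgateway/'
    'wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    # admin_logins would be the administrator names shown in the dashboard.
    report = scan(SAMPLE_LOG, ["admin", "rangex"])
    for ip, ts, status in report["attempts"]:
        print(f"{ts}  {ip}  status={status}")
    print("verdict:", report["verdict"])
```

The status code is reported but not interpreted, since the article gives no rule for telling a successful request from a failed one.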


Source: Wordfence