- The Wordfence Threat Intelligence team has published a warning regarding a zero-day vulnerability in a WordPress plugin.
- The plugin is WPGateWay. It is a management simplification plugin that allows administrators to complete some tasks more easily.
- Currently, no patch is available; Wordfence recommends removing the plugin until the patch lands.
While plugins are one of the main reasons for the success of WordPress, they occasionally cause trouble for users and website owners because of vulnerabilities. The WordPress security company Wordfence has issued a warning about a new zero-day vulnerability in the WPGateWay plugin.
Escalation of privilege vulnerability
WPGateWay is a management simplification plugin that allows administrators to back up and restore WP websites, clone them, and manage plugins/themes. The Wordfence Threat Intelligence team has made an announcement about this plugin, stating that it has a critical escalation of privilege vulnerability.
The vulnerability is tracked as CVE-2022-3180 and allows attackers to add administrator-level users to the exposed websites. Administrator-level users can change anything, install additional plugins, or inject hidden malicious code into the websites.
Wordfence states that this vulnerability is currently being exploited and has therefore not fully disclosed its details. However, you can check whether your website is compromised by reviewing the user list in the WordPress admin interface. Look for a new administrator-level user named rangex. If this user is on the list, your website is compromised.
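The same check can be run against a WP-CLI export of the administrator list instead of the admin screen. The following is an added example, not code from Wordfence or the plugin: the sample rows, the `known_admins` allowlist and the `audit_admins` function are constructed for illustration, and flagging administrators outside the allowlist goes beyond the single username the article names.

```python
import csv
import io

# Indicator named in the article: an administrator account called "rangex".
IOC_LOGIN = "rangex"

# Constructed sample of the CSV printed by:
#   wp user list --role=administrator \
#       --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2019-03-02 10:15:00
7,editor-admin,ops@example.com,2021-06-11 08:40:12
42,RangeX,unknown@example.net,2022-09-08 23:51:07
"""


def audit_admins(csv_text, known_admins):
    """Return (login, reason) pairs for administrator rows that need review."""
    # known_admins is a hypothetical allowlist maintained by the site owner.
    known = {name.strip().lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = (row.get("user_login") or "").strip()
        # Assumption: casing is not significant, so compare in lower case.
        key = login.lower()
        if key == IOC_LOGIN:
            findings.append((login, "matches reported indicator"))
        elif key not in known:
            findings.append((login, "administrator not on expected list"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_EXPORT, ["siteowner"]):
        print(f"REVIEW {login}: {reason}")
```

Any row reported as matching the indicator means the site should be treated as compromised, as the article states; rows reported as unexpected administrators are prompts for manual review.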
Currently, no patch is available to fix this issue. Wordfence recommends removing the plugin until a patched version arrives.