Cyberattack: Hackers Target 2,80,000 WordPress Websites

If you own, run or manage a WordPress site, there is shocking news for you about a cyberattack: hackers have attacked 2,80,000 WordPress sites.

A zero-day bug has been disclosed in WPGateway, a premium WordPress plugin, and it is being actively abused in the wild. The vulnerability, tracked as CVE-2022-3180 (CVSS score: 9.8), enables malicious actors to take complete control of victims' websites.

According to Wordfence, the flaw is being used to add a rogue administrator user to websites that use the WPGateway plugin.

Ram Gall, a Wordfence researcher, highlighted that “part of the plugin features and functions exposes a vulnerability that permits unauthenticated attackers to insert a malicious administrator.” A startling 280000 of these sites have reportedly been attacked.

WPGateway lets site owners install, back up, and duplicate WordPress plugins and themes from a single dashboard. The rogue administrator account seen on hacked sites has the username "rangex".

Moreover, the appearance of requests to "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" is another indication that the bug has been used to hack the WordPress website.


Wordfence estimates that over 4.6 million attacks have been launched in the last 30 days against over 2,80,000 sites in an effort to exploit the flaw.

Although the danger has been known since September 8, when it was first reported to WPGateway's operators, the vulnerability still exists today.

Administrators of WordPress websites using WPGateway are advised to check for an administrator account named "rangex."
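The two indicators described above (requests to the WPGateway web service script and an administrator named "rangex") can be checked with a short script. This is an added example, not code from Wordfence or the plugin; it assumes access logs in combined log format, the log lines are constructed samples, and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, unquote

# Indicators from the article; the parameter is written with underscores in URLs.
IOC_SCRIPT = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"
IOC_ADMIN = "rangex"

# Constructed sample lines (documentation IP ranges), combined log format.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:55 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [10/Sep/2022:04:13:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Sep/2022:09:00:01 +0000] "GET /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 0 "-" "-"',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_probe_requests(lines):
    """Return (ip, timestamp, status) for each request matching the indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-log-format line
        # Split by hand: urlsplit() would read a leading "//wp-content" as a host.
        raw_path, _, query = m["target"].partition("?")
        path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
        params = parse_qs(query, keep_blank_values=True)
        # endswith() also covers WordPress installed in a subdirectory.
        if path.endswith(IOC_SCRIPT) and params.get(IOC_PARAM) == ["1"]:
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

def find_rogue_admins(admin_logins):
    """Return administrator logins equal to the reported rogue username."""
    return [u for u in admin_logins if u.strip().lower() == IOC_ADMIN]

if __name__ == "__main__":
    for hit in find_probe_requests(SAMPLE_LOG):
        print("indicator request:", hit)
    print("rogue admins:", find_rogue_admins(["admin", "rangex"]))
```

The list of administrator logins can come from the Users screen in the WordPress dashboard or from `wp user list --role=administrator --field=user_login` where WP-CLI is installed.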

Users are advised to delete the plugin from their WordPress installations until a solution is released because the vulnerability has not yet been addressed. 


Wordfence posted on its site, “If you have the WPGateway plugin installed, we strongly advise you to remove it right away until a patch is made accessible and to check for fraudulent administrator accounts in your WordPress dashboard.”

There have previously been vulnerabilities found on WordPress websites. Due to a bug in Brizy Page Builder, which offers customers a “no-code” website creation experience, more than 90,000 websites were claimed to have been hacked last year.

Uttara J Malhotra
