PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day, September 8, 2022.

Contents

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild Vulnerability Details

Sites still running the free version of Wordfence will receive the same protection 30 days later, on October 8, 2022. The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days.

Vulnerability Details

Description: Unauthenticated Privilege Escalation
Affected Plugin: WPGateway
Plugin Slug: wpgateway
Plugin Developer: Jack Hopman/WPGateway
Affected Versions:

Source: wordfence.com

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

Vulnerability Details

Translate this article

STAY CONECTED

LAST 10 ALERT

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

How to create images with AI on Bing Chat

How to enable battery saver on Windows 11

How to disable driver signature enforcement on Windows 10

No, AI did not break post-quantum cryptography

Related stories

10 New Stories

Zero-click remote hacks for Samsung, Google, and Vivo smartphones

How to create images with AI on Bing Chat

How to enable battery saver on Windows 11

How to disable driver signature enforcement on Windows 10

No, AI did not break post-quantum cryptography