Wordfence, one of the most full-featured WordPress security plugins now available, announced earlier this week that it had blocked more than 4.6 million cyberattacks in the past 30 days, targeting a zero-day vulnerability. Was doing. The attacks were being conducted against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The Company is providing Incident Response Services through Wordfence Care to those who believe that they have been compromised.
Posted in Wordfence blog That on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It issued a firewall rule for Wordfence Premium, Wordfence Care, and Wordfence Response customers to prevent same-day exploits. It also said that the same protection for sites running the free version of WordFence will be released on October 8.
“Wordfence Firewall has successfully blocked more than 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days.” The zero-day vulnerability found in “part of the plugin functionality” was allegedly facilitating the addition of a malicious admin user to sites running the WPGateway plugin, linked to the WPGateway cloud service, and allowing their users to setup Provides a way to manage and manage WordPress sites from a single dashboard.
It should be noted that the vulnerability identifier CVE-2022-3180 was reserved for this issue and the CVSS score (criterion for assigning severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. WordFence says that although they are releasing this public service announcement, there are some specifics that are being withheld to prevent further exploitation because “this is an actively exploited zero-day vulnerability, and will allow attackers We already know about the necessary mechanisms to exploit it.”
How to Know If You’re Compromised
Those who are using the Wordfence plugin can easily determine whether their site has been compromised by using this vulnerability. If they find a malicious administrator with a username of rangexand/or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 In the access log of the site, then it is a surety that they have been attacked. However, this does not mean that the site has been completely compromised.
