• Over 280,000 WordPress sites may have been hijacked by zero-day h

    From TechnologyDaily@1337:1/100 to All on Wed Sep 14 21:30:03 2022
    Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin

    Date:
    Wed, 14 Sep 2022 20:09:22 +0000

    Description:
    Over 280,000 WordPress sites may have been taken over thanks to zero-day in popular plugin.

    FULL STORY ======================================================================

    A zero-day vulnerability found in a premium WordPress plugin is being
    actively exploited in the wild, researchers are saying, urging users to
    remove it from their websites until a patch is released.

    WordPress security plugin makers Wordfence uncovered a flaw in WPGateway, a premium plugin helping admins manage other WordPress plugins and themes from
    a single dashboard.

    According to the researchers, the flaw is tracked as CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to create an admin user on the platform, meaning they'd have the ability to take over the entire website if they so pleased.

    Millions of attacks

    "Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator," said Ram
    Gall, Wordfence researcher.

    Wordfence added it successfully blocked more than 4.6 million attacks
    against more than 280,000 sites in the last month alone. That also means that the number of attacked (and possibly compromised) websites is probably much, much larger.

    A patch for the flaw is not yet available, the researchers said, and there is no workaround. The only way to stay safe, for the time being, is to remove
    the plugin from the website altogether, and wait for the patch to arrive, researchers stressed.

    Webmasters looking for indicators of compromise should check their sites for admin accounts named rangex. Furthermore, they should look for requests to "//wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1" in the access logs, as that is a sign of an attempted breach. This sign, however, doesn't necessarily mean it was successful.
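
    The access-log check described above, as an added example (not code from the article or from Wordfence). It assumes the common/combined log format; the function names are hypothetical and the sample lines are constructed. A match records an attempt only, with the response status kept for triage.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote

# Endpoint and parameter from the indicator quoted in the article.
IOC_PATH = "/wp-content/plugins/wpgateway/wpgateway-webservice-new.php"
IOC_PARAM = "wp_new_credentials"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def find_wpgateway_probes(lines):
    """Return one record per request to the IoC endpoint carrying the IoC parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Split by hand: urlsplit() would treat a leading "//" as a host name.
        raw_path, _, query = m["target"].partition("?")
        # Decode %xx, collapse "//" runs, ignore case so trivial variants still match.
        path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
        # endswith() also covers WordPress installed in a subdirectory.
        if path.endswith(IOC_PATH) and IOC_PARAM in parse_qs(query, keep_blank_values=True):
            hits.append({"ip": m["ip"], "time": m["time"],
                         "method": m["method"], "status": int(m["status"])})
    return hits

def requests_per_source(hits):
    """Count matching requests per client address, for triage."""
    return Counter(h["ip"] for h in hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Sep/2022:04:12:01 +0000] "POST //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.23 - - [10/Sep/2022:04:13:44 +0000] "GET /blog/wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 HTTP/1.1" 404 196 "-" "-"',
    '203.0.113.7 - - [10/Sep/2022:04:15:09 +0000] "GET /wp-content/plugins/wpgateway/wpgateway%2Dwebservice%2Dnew.php?x=1&wp_new_credentials=1 HTTP/1.1" 403 153 "-" "-"',
    '192.0.2.10 - - [10/Sep/2022:04:16:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "-"',
    '192.0.2.10 - - [10/Sep/2022:04:16:31 +0000] "GET /wp-content/plugins/wpgateway/readme.txt HTTP/1.1" 200 840 "-" "-"',
]

if __name__ == "__main__":
    hits = find_wpgateway_probes(SAMPLE_LOG)
    for h in hits:
        print(h)
    print(dict(requests_per_source(hits)))
```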

    Other details are scarce for the moment, given the fact that the flaw is
    being actively exploited, and that the fix is not yet available.

    WordPress is the world's most popular website builder, and as such, is under constant attack by cybercriminals. While the platform itself is generally considered safe, its plugins, of which there are hundreds of thousands, are often the weak link that leads to compromise.

    Via: The Hacker News



    ======================================================================
    Link to news story: https://www.techradar.com/news/over-280000-wordpress-sites-may-have-been-hijacked-by-zero-day-hiding-in-popular-plugin/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)