Daily News for Every Age

WordPress Websites hacked due to a Zero-Day Vulnerability in the WPGateway Plugin

By Yamini Sharma On Sep 14, 2022

Many WordPress sites are at risk of being completely compromised as a result of a zero-day vulnerability in the WPGateway plugin.

According to Wordfence, a copy of the WPGateway plugin obtained on September 9th is still vulnerable.

An unauthenticated attacker can exploit the flaw to add an administrator account to websites that use the plugin.

Wordfence has blocked over 4.6 million attack attempts against the plugin on over 280,000 sites in the last 30 days.

Site owners can also look through their access logs for specific requests that indicate they have been targeted.

The presence of an administrator account with the username ‘rangex’ in the dashboard indicates that the WordPress site has been compromised.

Yamini Sharma

I am from Lucknow, Uttar Pradesh, currently pursuing graduation from the University of Delhi. I have an interest in reading books and articles. My favourite genre includes health, art and design.

Google rumoured to be working on a small-screen Pixel phones

Dakshina Kannada DC’s phone hacked