Zero-day in WPGateway WordPress plugin actively exploited in attacks

[ad_1]

WordPress

The Wordfence Threat Intelligence team warned today that WordPress sites are actively targeted with exploits targeting a zero-day vulnerability in the WPGateway premium plugin.

WPGateway is a WordPress plugin that allows admins to simplify various tasks, including setting up and backing up sites and managing themes and plugins from a central dashboard.

This critical privilege escalation security flaw (CVE-2022-3180) enables unauthenticated attackers to add a rogue user with admin privileges to completely take over sites running the vulnerable WordPress plugin.

“On September 8, 2022, the…

[ad_2]
More Info

About mblog.my

Check Also

Adding Images From Your Phone With Ease – WordPress.com News

Adding Images From Your Phone With Ease – WordPress.com News

[ad_1] We’re excited to share a new feature in the desktop editor and Jetpack mobile …

Leave a Reply

Your email address will not be published. Required fields are marked *