Severe flaw in popular plugin remains unpatched

An actively exploited zero-day vulnerability in WordPress plugin WPGateway has led to more than 4.6 million attempted attacks in the past month. The currently unpatched flaw is the second significant WordPress vulnerability to be found over the past week.

A WordPress plugin vulnerability is being actively targeted for attack. (Photo by Primakov/Shutterstock)

When exploited, this vulnerability, identified as CVE-2022-3180, is used to add malicious administrator users to sites running the plugin. Administrator privileges allow…


More Info

About mblog.my

Check Also

New Prototype Runs WordPress in the Browser with No PHP Server – WP Tavern

Automattic-sponsored core contributor Adam Zielinski published a demo today of WordPress running in the browser …

Leave a Reply

Your email address will not be published. Required fields are marked *