WordPress plugin vulnerability leaves sites open to total takeover

Security firm WordFence has warned of an actively exploited vulnerability in a widely-used WordPress plugin that could leave websites totally exposed to hackers.

WPGateway is a paid plugin that gives WordPress users the ability to manage their website from a centralised dashboard. The flaw, designated CVE-2022-3180, allows for threat actors to add their own profile with administrator access to the dashboard, and completely take over a victim’s website.

WordFence, which provides a firewall service for WordPress websites, released a rule to block the exploit for paying customers on its…


More Info

About mblog.my

Check Also

Malware campaign compromises over 4,500 WordPress sites | SC Media – SC Media

Military-grade xIoT hacking tools are in use, cybercrime for hire that’s predicated on compromised xIoT …

Leave a Reply

Your email address will not be published. Required fields are marked *