Over 280,000 WordPress sites may have been hijacked by zero-day hiding in popular plugin


A zero-day vulnerability found in a premium WordPress plugin is being actively exploited in the wild, researchers say, and they urge users to remove it from their websites until a patch is released.

WordPress security plugin makers Wordfence uncovered a flaw in WPGateway, a premium plugin that helps admins manage other WordPress plugins and themes from a single dashboard.

According to the researchers, the flaw is tracked as CVE-2022-3180, and carries a severity score of 9.8. It allows threat actors to create an admin user on the platform, meaning they’d have the …
