WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

A zero-day vulnerability was actively exploited and the team became aware of it last week.

Advertisement
Written by Sourabh Kulesh, Edited by Richa Sharma | Updated: 15 September 2022 19:03 IST
Highlights
  • About 2,80,000 sites run the WPGateway plugin
  • Incident Response services are being offered through Wordfence Care
  • Its 9.8 CVSS score suggests high vulnerability

Wordfence is a full-featured WordPress security plugin

Photo Credit: Wordfence

Wordfence, one of the most full-featured WordPress security plugins available now, announced earlier this week that it has blocked over 4.6 million cyberattacks, which were targeting a zero-day vulnerability, in the past 30 days. The attacks were being carried out against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The company is offering Incident Response services via Wordfence Care to those who believe they have been compromised.

Wordfence posted in a blog that on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day. It also said that the same protection for sites that are running the free version of Wordfence will be released on October 8.

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days,” it added. The zero-day vulnerability found in a “part of the plugin functionality” was reportedly facilitating the addition of a malicious administrator user to sites running the WPGateway plugin, which is tied to the WPGateway cloud service, and offers its users a way to setup and manage WordPress sites from a single dashboard.

Advertisement

It is to be noted that the vulnerability identifier CVE-2022-3180 for this issue was reserved and the CVSS Score (yardstick to assign severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. Wordfence says that although they are releasing this public service announcement, there are some nitty-gritties that are being withheld in order to prevent further exploitation as “this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it.”

Advertisement

How to know if you are compromised

Those who are using the Wordfence plugin can easily determine whether their site has been compromised using this vulnerability or not. If they find a malicious administrator with the username of rangex, and/ or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in site's access logs, then it is a surety that they've been attacked. However, it does not mean that the site is fully compromised.

Buying an affordable 5G smartphone today usually means you will end up paying a "5G tax". What does that mean for those looking to get access to 5G networks as soon as they launch? Find out on this week's episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: WordPress, Wordfence, Cybersecurity
OnePlus 10T OxygenOS 13 Closed Beta Test (CBT) Programme Begins in India
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Realme P4 Power 5G Launch Today: Know Price in India, Specs and More
  2. Redmi Note 15 Pro Series Launch Today: Know Price in India, Specs and More
  3. Why the Redmi Note Remains Xiaomi's Easiest Recommendation
  4. Clawdbot (Now Moltbot) Explained: What is It and Why is It Going Viral?
  5. UIDAI's New Aadhaar App Lets You Easily Update Mobile Number, Address
  6. Apple Watch Hypertension Notifications Are Now Available in These Countries
  7. NASA Tests Nuclear Rocket Engine Designed for Faster Deep-Space Missions
  8. How to Share Your Contact Card With New Aadhaar App: A Step-by-Step Guide
  9. QCY SP7 Bluetooth Speaker Review
  10. How to Change Your Mobile Number and Address Using New Aadhaar App
#Latest Stories
  1. Realme P4 Power 5G Launching Today: Know Price in India, Features, Specifications and More
  2. Redmi Note 15 Pro 5G, Redmi Note 15 Pro+ 5G Launching Today: Know Price in India, Features, Specifications and More
  3. Amazon Axes 16,000 Jobs as It Pushes AI and Efficiency
  4. Google AI Plus Plan Expanded Globally as the Most Affordable Gemini Subscription
  5. Redmi Note 15 Pro Series Colourways and Memory Configurations Listed on Amazon
  6. New ALMA Images Reveal Complex Rings Left Behind by Planet Formation
  7. BSNL Bharat Connect Prepaid Plan With 365-Day Validity Launched; Telco's BSNL Superstar Premium Plan Gets Price Cut
  8. Samsung Galaxy S26 Series Listed on US FCC Database With Support for Satellite Connectivity
  9. NASA Tests Nuclear Rocket Engine Designed for Faster Deep-Space Missions
  10. Hidden in Plain Sight: New Report Reveals Dozens of Nudify Apps in Major App Stores
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.