WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

A zero-day vulnerability was actively exploited and the team became aware of it last week.

Advertisement
Written by Sourabh Kulesh, Edited by Richa Sharma | Updated: 15 September 2022 19:03 IST
Highlights
  • About 2,80,000 sites run the WPGateway plugin
  • Incident Response services are being offered through Wordfence Care
  • Its 9.8 CVSS score suggests high vulnerability
WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

Wordfence is a full-featured WordPress security plugin

Photo Credit: Wordfence

Wordfence, one of the most full-featured WordPress security plugins available now, announced earlier this week that it has blocked over 4.6 million cyberattacks, which were targeting a zero-day vulnerability, in the past 30 days. The attacks were being carried out against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The company is offering Incident Response services via Wordfence Care to those who believe they have been compromised.

Wordfence posted in a blog that on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day. It also said that the same protection for sites that are running the free version of Wordfence will be released on October 8.

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days,” it added. The zero-day vulnerability found in a “part of the plugin functionality” was reportedly facilitating the addition of a malicious administrator user to sites running the WPGateway plugin, which is tied to the WPGateway cloud service, and offers its users a way to setup and manage WordPress sites from a single dashboard.

It is to be noted that the vulnerability identifier CVE-2022-3180 for this issue was reserved and the CVSS Score (yardstick to assign severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. Wordfence says that although they are releasing this public service announcement, there are some nitty-gritties that are being withheld in order to prevent further exploitation as “this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it.”

Advertisement

How to know if you are compromised

Those who are using the Wordfence plugin can easily determine whether their site has been compromised using this vulnerability or not. If they find a malicious administrator with the username of rangex, and/ or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in site's access logs, then it is a surety that they've been attacked. However, it does not mean that the site is fully compromised.

Buying an affordable 5G smartphone today usually means you will end up paying a "5G tax". What does that mean for those looking to get access to 5G networks as soon as they launch? Find out on this week's episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WordPress, Wordfence, Cybersecurity
OnePlus 10T OxygenOS 13 Closed Beta Test (CBT) Programme Begins in India
Advertisement

Related Stories

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. OnePlus 13s Set to Launch in India Tomorrow: Know Price, Specifications
  2. Vivo T4 Ultra to Launch in India on This Date
  3. OnePlus 13s Key Specifications, Features Revealed via Amazon Listing
  4. Poco F7 Launch Timeline, Key Specifications Leaked Ahead of Debut
  5. WazirX Restructuring Plan Rejected By Singapore High Court
  6. iOS 26 to Arrive With These Upgrades for Messages, Apple Music and CarPlay
  7. Samsung Teases 'Ultra' Foldable, May Debut Alongside Galaxy Z Fold 7
#Latest Stories
  1. WazirX Restructuring Plan Rejected By Singapore High Court; Crypto Firm to Appeal Decision
  2. Realme 15 5G to Be Available in Four Memory Configurations, Three Colour Options: Report
  3. Tales of Kenzera: Zau Developer Announces Horror Game Dead Take, Pocketpair Set to Publish
  4. Poco F7 Global Launch Timeline Leaked; Indian Variant Tipped to Feature Larger Battery
  5. Reliance, Airtel Group Challenges 'Low' India Satcom Fee Which Can Help Starlink
  6. Samsung Galaxy Z Fold 7, Galaxy Z Flip 7, Galaxy Z Flip 7 FE Colourways, RAM and Storage Options Leaked Ahead of Debut
  7. Australia Limits Crypto ATM Transactions to AUD 5,000 in Bid to Curb Scams, Money Laundering
  8. Google Opens Access to Gemini 2.5 Native Audio Dialog and Controllable Speech Generation in Preview
  9. Vi, Vivo Partner to Offer Vivo V50e Buyers in India an Exclusive 5G Bundled Plan
  10. Google Weather in Search Reportedly Testing AI-Powered Summaries In Some Cities
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.