Live Now

WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

A zero-day vulnerability was actively exploited and the team became aware of it last week.

Advertisement
Written by Sourabh Kulesh, Edited by Richa Sharma | Updated: 15 September 2022 19:03 IST
Highlights
  • About 2,80,000 sites run the WPGateway plugin
  • Incident Response services are being offered through Wordfence Care
  • Its 9.8 CVSS score suggests high vulnerability
WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

Wordfence is a full-featured WordPress security plugin

Photo Credit: Wordfence

Wordfence, one of the most full-featured WordPress security plugins available now, announced earlier this week that it has blocked over 4.6 million cyberattacks, which were targeting a zero-day vulnerability, in the past 30 days. The attacks were being carried out against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The company is offering Incident Response services via Wordfence Care to those who believe they have been compromised.

Wordfence posted in a blog that on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day. It also said that the same protection for sites that are running the free version of Wordfence will be released on October 8.

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days,” it added. The zero-day vulnerability found in a “part of the plugin functionality” was reportedly facilitating the addition of a malicious administrator user to sites running the WPGateway plugin, which is tied to the WPGateway cloud service, and offers its users a way to setup and manage WordPress sites from a single dashboard.

It is to be noted that the vulnerability identifier CVE-2022-3180 for this issue was reserved and the CVSS Score (yardstick to assign severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. Wordfence says that although they are releasing this public service announcement, there are some nitty-gritties that are being withheld in order to prevent further exploitation as “this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it.”

Advertisement

How to know if you are compromised

Those who are using the Wordfence plugin can easily determine whether their site has been compromised using this vulnerability or not. If they find a malicious administrator with the username of rangex, and/ or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in site's access logs, then it is a surety that they've been attacked. However, it does not mean that the site is fully compromised.

Buying an affordable 5G smartphone today usually means you will end up paying a "5G tax". What does that mean for those looking to get access to 5G networks as soon as they launch? Find out on this week's episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WordPress, Wordfence, Cybersecurity
OnePlus 10T OxygenOS 13 Closed Beta Test (CBT) Programme Begins in India
Advertisement

Related Stories

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Microsoft Wants Websites to Have an AI-Powered Natural Language Interface
  2. Infinix Hot 60 Pro+ Tipped to Debut as the Slimmest Curved Screen Phone
  3. OnePlus Pad 3 With Snapdragon 8 Elite SoC to Launch Globally on This Date
  4. Scientists Transform Lead into Gold, But Only for a Fleeting Moment
  5. Qualcomm Will Unveil New Snapdragon Flagship SoC Earlier Than Usual
  6. How HP Plans to Stand Out as AI PCs Shift Focus to Software
  7. Nothing Phone 3 Confirmed to Launch Globally in July
  8. iQOO Neo 10 Pro+ With Snapdragon 8 Elite, 6,800mAh Battery Launched
  9. AI Mode in Google Search Will Now Help You Buy Clothes and Movie Tickets
  10. Google I/O 2025 Highlights: Everything Google Announced at Google I/O
#Latest Stories
  1. Google I/O 2025: AI Mode in Search Gets Agentic Capabilities and a Shopping Experience
  2. Apple WWDC 2025 to Be Held From June 9 to June 13: All You Need to Know
  3. Scientists Transform Lead into Gold, But Only for a Fleeting Moment
  4. Scientists Discover Three-Eyed Sea Moth From Half a Billion Years Ago
  5. NASA's LROC Captures ispace RESILIENCE Landing Site Ahead of June 2025 Lunar Touchdown
  6. Canadian Astrophotographer Captures Stunning Sunflower Galaxy from Ontario
  7. Venus Aerospace Tests Breakthrough RDRE Engine With First Flight in US
  8. US DoJ Said to Open Probe Into Coinbase Data Breach, Firm Claims Involvement of Indian Employees
  9. Supreme Court Questions Lack of Crypto Regulatory Measures, Oversight: Report
  10. iQOO Neo 10 Pro+ With Snapdragon 8 Elite, 6,800mAh Battery Launched: Price, Specifications
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.