WordPress Security Plugin Wordfence Blocked Over 4.6 Million Attacks in a Month: Report

A zero-day vulnerability was actively exploited and the team became aware of it last week.

Advertisement
Written by Sourabh Kulesh, Edited by Richa Sharma | Updated: 15 September 2022 19:03 IST
Highlights
  • About 2,80,000 sites run the WPGateway plugin
  • Incident Response services are being offered through Wordfence Care
  • Its 9.8 CVSS score suggests high vulnerability

Wordfence is a full-featured WordPress security plugin

Photo Credit: Wordfence

Wordfence, one of the most full-featured WordPress security plugins available now, announced earlier this week that it has blocked over 4.6 million cyberattacks, which were targeting a zero-day vulnerability, in the past 30 days. The attacks were being carried out against more than 2,80,000 sites running the WPGateway plugin, which allows its users to setup and manage WordPress sites from a single dashboard. The company is offering Incident Response services via Wordfence Care to those who believe they have been compromised.

Wordfence posted in a blog that on September 8, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability that was being used to attack sites running the WPGateway plugin. It released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Response customers to block the exploit on the same day. It also said that the same protection for sites that are running the free version of Wordfence will be released on October 8.

“The Wordfence firewall has successfully blocked over 4.6 million attacks targeting this vulnerability against more than 280,000 sites in the past 30 days,” it added. The zero-day vulnerability found in a “part of the plugin functionality” was reportedly facilitating the addition of a malicious administrator user to sites running the WPGateway plugin, which is tied to the WPGateway cloud service, and offers its users a way to setup and manage WordPress sites from a single dashboard.

Advertisement

It is to be noted that the vulnerability identifier CVE-2022-3180 for this issue was reserved and the CVSS Score (yardstick to assign severity scores to vulnerabilities) was 9.8, suggesting a high vulnerability. Wordfence says that although they are releasing this public service announcement, there are some nitty-gritties that are being withheld in order to prevent further exploitation as “this is an actively exploited zero-day vulnerability, and attackers are already aware of the mechanism required to exploit it.”

Advertisement

How to know if you are compromised

Those who are using the Wordfence plugin can easily determine whether their site has been compromised using this vulnerability or not. If they find a malicious administrator with the username of rangex, and/ or find requests to //wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1 in site's access logs, then it is a surety that they've been attacked. However, it does not mean that the site is fully compromised.

Buying an affordable 5G smartphone today usually means you will end up paying a "5G tax". What does that mean for those looking to get access to 5G networks as soon as they launch? Find out on this week's episode. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: WordPress, Wordfence, Cybersecurity
OnePlus 10T OxygenOS 13 Closed Beta Test (CBT) Programme Begins in India
Advertisement

Related Stories

Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. All the Key Differences Between iPhone 17 and iPhone 17 Pro
  2. Apple Launches iPhone 17 Pro, 17 Pro Max With These Massive Upgrades
  3. Apple Launches iPhone 17 at 'Awe Dropping' Event With These Upgrades
  4. iPhone 17 Price Around the World: Cheapest & Most Expensive Countries
  5. Apple MacBook Air M4 Available With Up to Rs. 16,000 Discount via Amazon
  6. iPhone 17 Series Pre-Orders in India: Check Prices, EMI Options, and Offers
  7. Apple Watch Series 11, Ultra 3, SE Launched With These Health Features
  8. Xiaomi Confirms Authorised Retailers Ahead of Amazon, Flipkart Festive Sales
  9. iPhone 17 Price in India: See the Full Price List for All New Devices
  10. iQOO 15, iQOO Neo 11 Series Details Tipped; Might Feature 7,000mAh Battery
#Latest Stories
  1. How to Pre-Order iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max in India: Dates, Timings, and Offers
  2. iPhone 16 and iPhone 16 Plus Price in India Slashed: Check New Prices
  3. Apple Announces iOS 26 and watchOS 26 Release Date for All Eligible Devices
  4. iPhone 17 Pro, iPhone 17 Pro Max Are Here: Massive Camera Upgrades, and A19 Pro Chip
  5. iPhone Air Launched: Ultra-Slim Form Factor, Apple Intelligence Features, and More
  6. iPhone 17 Launched: A19 Chip, Apple Intelligence, and More
  7. Apple Watch Series 11, Ultra 3, and SE Launched: Thinner Design and New Health Sensors
  8. AirPods Pro 3 Launched: Featuring Lossless Audio and a Redesigned Case
  9. Kazakhstan’s President Proposes Strategic Crypto Reserve, Fully Digitalised Alatau City Project
  10. Tecno Spark Slim Full Specifications Revealed; Features MediaTek Helio G200 SoC, 5.93mm Thick Build
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.