Web Development

CVE-2022-3180: critical zero-day vulnerability discovered in WPGateway WordPress plugin

By Steven, on July 21, 2023 - 2 min read

In a clear-cut illustration of the ongoing battle for online security, a critical zero-day vulnerability (CVE-2022-3180) has just been unmasked in the WPGateway WordPress Plugin.

This ominous software bug is a ticking bomb, potentially enabling anonymous attackers to unleash chaos on unsuspecting websites. Who exposed this threat? What can we do to protect ourselves? Let’s decode this digital enigma.

The discovery of the vulnerability

The crack in the WPGateway armor was identified by the ever-vigilant Wordfence Threat Intelligence team.

The vulnerability (CVE-2022-3180), flagged on 8th September 2022, could give rogue users the power to add malignant figures with administrative privileges to your webpage – opening the doors for them to seize complete control.


Alarmingly, over 280,000 sites are currently in harm’s way due to this security flaw.

Technical details and mitigation actions

WPGateway Plugin versions up until 3.5 are in jeopardy as per this newfound discovery. The sinister footprint? A malicious user with the identifier “rangex” sitting proudly among your WordPress dashboard’s administrator list.

wpgateway plugin

If you come across this figure, it’s a clear signal of compromise.

Immediate actions include:

  • removing the WPGateway Plugin straight away,
  • and vigilantly scouring your WordPress dashboard for any unauthorized administrative figures.

Wordfence shed light on this looming threat to the WPGateway Plugin supplier on the next day of discovery – 9th September 2022.

CVE-2022-3180: Prevention Measures

With the ever-escalating cyber threats, users and administrators alike are urged to always use the latest WordPress version – 6.0.2 being the most current one, packed with all the necessary security patches and technical support.

In addition, having a reliable Web Application Firewall (WAF) like FortiWeb Cloud can provide an additional security layer against not just zero-day attacks but also other application-layer assaults without demanding any major changes on your website.

Wordfence’s Active Response

The team at Wordfence sprung into action immediately- blocking a staggering 4.6 million attacks directed towards this vulnerability over just the past 30 days.

On the day the flaw was revealed, Wordfence Premium, Wordfence Care, and Wordfence Response customers benefited from a firewall rule that disrupted any attempts to exploit it.

For those using a free version of Wordfence, protection against this specific threat will take effect 30 days post-discovery – that would be by the 8th of October, 2022.

In the unfortunate event of compromise, Wordfence offers incident response services through Wordfence Care and Wordfence Response for site cleanup and support.

CVE-2022-3180: in a nutshell

On the dark chess board of unwelcome surprises that is cyberspace, staying guarded against potential threats is paramount.

Keep your software updated, be vigilant of unexpected users and consider additional security measures such as reliable WAFs. And remember, teams like Wordfence are always out there, striving to keep your digital world safe and secure.