Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day VulnerabilityThe Hacker News
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites.
Tracked as CVE-2022-3180 (CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company WordfenceRead More
Source: NWN BLOG