The Wordfence Threat Intelligence team discovered a zero-day being actively exploited in the premium WPGateway plugin for WordPress. WPGateway is a plugin that provides additional administration tools for WordPress.
The security flaw, assigned CVE-2022-3180, is a privilege escalation vulnerability that allows unauthenticated users to create illegitimate administrator accounts, resulting in full control of a WordPress site. The Wordfence firewall reportedly prevented 4.6 million exploitation attempts across 280,000 sites in the last month.
Wordfence has declined to release details of how the exploitation is performed, saying only that it has observed the vulnerability being abused in the wild. By withholding the details, it hopes to prevent further abuse of the vulnerability and allow WordPress users time to update their installations.