Critical vulnerabilities in WordPress plugins – October 2022

To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are few available, although my preference goes to Wordfence.

October is National Cybersecurity Awareness Month in the U.S., and this year’s theme is “See Yourself in Cyber.”

What is really being said by this theme is that we all have a role to play in cybersecurity, whether we work in the industry or not.

With this in mind, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have identified four key areas where we can all take action to protect our presence online, and work to keep others safe.

These same concepts can be used to help secure WordPress sites as well.

Critical vulnerabilities in WordPress plugins – October 2022

The Wordfence Threat Intelligence team found sofar these vulnerabilities:

The WordPress 6.0.3 Security Update

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit.

I strongly recommend updating your site as soon as possible, if it has not automatically been updated.

Critical vulnerability in the WPGateway plugin

The Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.

The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to setup and manage WordPress sites from a single dashboard.

Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator.

If you have the WPGateway plugin installed, the Wordfence team urges you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard.


All the best,


Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment, or subscribe to my newsletter (and enjoy my gift to you). I thank you if you do. 😉

Add a Comment

Your email address will not be published. Required fields are marked *