Critical vulnerabilities in WordPress plugins – October 2022


To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.

One reason is that they report regularly on critical vulnerabilities of plugins you might use.

There are a few available, although my preference goes to Wordfence.

October is National Cybersecurity Awareness Month in the U.S., and this year’s theme is “See Yourself in Cyber.”

What is really being said by this theme is that we all have a role to play in cybersecurity, whether we work in the industry or not.

With this in mind, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) have identified four key areas where we can all take action to protect our presence online, and work to keep others safe.

These same concepts can be used to help secure WordPress sites as well.

Critical vulnerabilities in WordPress plugins – October 2022

The Wordfence Threat Intelligence team has found these vulnerabilities so far:

The WordPress 6.0.3 Security Update

The WordPress 6.0.3 Security Update contains patches for many vulnerabilities, most of which are low in severity or require a highly privileged user account or additional vulnerable code in order to exploit.

I strongly recommend updating your site as soon as possible, if it has not automatically been updated.

Critical vulnerability in the WPGateway plugin

The Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.

The WPGateway plugin is a premium plugin tied to the WPGateway cloud service, which offers its users a way to set up and manage WordPress sites from a single dashboard.

Part of the plugin functionality exposes a vulnerability that allows unauthenticated attackers to insert a malicious administrator.

If you have the WPGateway plugin installed, the Wordfence team urges you to remove it immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard.
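One way to run the administrator check recommended above from the command line, as an added example (not code from Wordfence or from this post): it reads the CSV that WP-CLI's `wp user list` produces and flags administrators that are missing from a list of expected logins or were registered on or after a cutoff date. The function name `audit_admins`, the allowlist file, the cutoff date and the sample rows are assumptions constructed for illustration.

```sh
#!/bin/sh
# Real input comes from WP-CLI:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
# Assumption: logins and e-mail addresses contain no commas or double quotes.

# audit_admins ALLOWLIST CUTOFF   (CSV on stdin)
#   ALLOWLIST: file with one expected administrator login per line
#   CUTOFF:    YYYY-MM-DD; accounts registered on or after it are flagged
# Prints ID, login, e-mail, registration time and reason, tab separated, for
# each flagged account. Returns 1 if any account was flagged, else 0.
audit_admins() {
    awk -F, -v allow="$1" -v cutoff="$2" '
        BEGIN {
            # Load the allowlist first; a missing or empty file flags everyone.
            while ((getline line < allow) > 0)
                if (line != "") known[line] = 1
        }
        { gsub(/"/, ""); sub(/\r$/, "") }   # drop CSV quotes and any CR
        NR == 1 && $1 == "ID" { next }       # header row
        NF == 0 { next }                     # blank line
        {
            reason = ""
            if (!($2 in known)) reason = "not-in-allowlist"
            # ISO dates order correctly when compared as strings.
            if (substr($4, 1, 10) >= cutoff)
                reason = reason (reason == "" ? "" : ",") "registered-since-cutoff"
            if (reason != "") {
                printf "%s\t%s\t%s\t%s\t%s\n", $1, $2, $3, $4, reason
                flagged = 1
            }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Constructed sample data, not taken from any real site.
demo_dir=$(mktemp -d)
printf '%s\n' siteowner editor-admin > "$demo_dir/expected_admins.txt"
cat > "$demo_dir/admins.csv" <<'EOF'
ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,"2019-03-14 09:12:44"
7,editor-admin,editor@example.com,"2022-10-02 16:40:03"
23,unknown-admin,someone@example.net,"2022-09-08 03:17:51"
EOF
audit_admins "$demo_dir/expected_admins.txt" 2022-09-01 < "$demo_dir/admins.csv" \
    || echo "Administrator accounts need review" >&2
rm -rf "$demo_dir"
```

On a live site, pipe the `wp user list` command from the header comment into `audit_admins` and choose a cutoff date earlier than the period you want to review.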


All the best,

Luc
