{"id":363569,"date":"2022-09-14T01:48:25","date_gmt":"2022-09-14T03:48:25","guid":{"rendered":"https:\/\/teknomers.com\/fr\/plus-de-280-000-sites-wordpress-attaques-a-laide-de-la-vulnerabilite-zero-day-du-plug-in-wpgateway\/"},"modified":"2022-09-14T01:48:26","modified_gmt":"2022-09-14T03:48:26","slug":"plus-de-280-000-sites-wordpress-attaques-a-laide-de-la-vulnerabilite-zero-day-du-plug-in-wpgateway","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/plus-de-280-000-sites-wordpress-attaques-a-laide-de-la-vulnerabilite-zero-day-du-plug-in-wpgateway\/","title":{"rendered":"Plus de 280 000 sites WordPress attaqu\u00e9s \u00e0 l&#8217;aide de la vuln\u00e9rabilit\u00e9 Zero-Day du plug-in WPGateway"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>Une faille zero-day dans la derni\u00e8re version d&#8217;un plugin WordPress premium connu sous le nom de <a rel=\"nofollow noopener\" href=\"https:\/\/www.wpgateway.com\/\" target=\"_blank\">Passerelle WPG<\/a> est activement exploit\u00e9 dans la nature, permettant potentiellement \u00e0 des acteurs malveillants de prendre compl\u00e8tement le contr\u00f4le des sites affect\u00e9s.<\/p>\n<p>Suivi comme <strong>CVE-2022-3180<\/strong> (Score CVSS : 9,8), le probl\u00e8me est en train d&#8217;\u00eatre militaris\u00e9 pour ajouter un utilisateur administrateur malveillant aux sites ex\u00e9cutant le plug-in WPGateway, a not\u00e9 la soci\u00e9t\u00e9 de s\u00e9curit\u00e9 WordPress Wordfence.<\/p>\n<p>&#8220;Une partie de la fonctionnalit\u00e9 du plug-in expose une vuln\u00e9rabilit\u00e9 qui permet \u00e0 des attaquants non authentifi\u00e9s d&#8217;ins\u00e9rer un administrateur malveillant&#8221;, a d\u00e9clar\u00e9 le chercheur de Wordfence, Ram Gall. <a rel=\"nofollow noopener\" href=\"https:\/\/www.wordfence.com\/blog\/2022\/09\/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild\/\" target=\"_blank\">a dit<\/a> dans un avis.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/Plus-de-280-000-sites-WordPress-attaques-a-laide-de.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>WPGateway est factur\u00e9 comme un moyen pour les administrateurs de site d&#8217;installer, de sauvegarder et de cloner des plugins et des th\u00e8mes WordPress \u00e0 partir d&#8217;un tableau de bord unifi\u00e9.<\/p>\n<p>L&#8217;indicateur le plus courant qu&#8217;un site Web ex\u00e9cutant le plugin a \u00e9t\u00e9 compromis est la pr\u00e9sence d&#8217;un administrateur avec le nom d&#8217;utilisateur &#8220;rangex&#8221;.<\/p>\n<p>De plus, l&#8217;apparition de requ\u00eates \u00e0 &#8220;\/\/wp-content\/plugins\/wpgateway\/wpgateway-webservice-new.php?wp_new_credentials=1&#8221; dans les logs d&#8217;acc\u00e8s est un signe que le site WordPress a \u00e9t\u00e9 cibl\u00e9 par la faille, bien qu&#8217;il n&#8217;implique pas n\u00e9cessairement une violation r\u00e9ussie.<\/p>\n<p>Wordfence a d\u00e9clar\u00e9 avoir bloqu\u00e9 plus de 4,6 millions d&#8217;attaques tentant de tirer parti de la vuln\u00e9rabilit\u00e9 contre plus de 280 000 sites au cours des 30 derniers jours.<\/p>\n<p>De plus amples d\u00e9tails sur la vuln\u00e9rabilit\u00e9 ont \u00e9t\u00e9 retenus en raison d&#8217;une exploitation active et pour emp\u00eacher d&#8217;autres acteurs de profiter de la lacune.  En l&#8217;absence de correctif, il est recommand\u00e9 aux utilisateurs de supprimer le plugin de leurs installations WordPress jusqu&#8217;\u00e0 ce qu&#8217;un correctif soit disponible.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/09\/1663127305_866_Plus-de-280-000-sites-WordPress-attaques-a-laide-de.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Le d\u00e9veloppement intervient quelques jours apr\u00e8s que Wordfence a averti de l&#8217;abus dans la nature d&#8217;une autre faille zero-day dans un plugin WordPress appel\u00e9 BackupBuddy.<\/p>\n<p>La divulgation arrive aussi comme Sansec <a rel=\"nofollow noopener\" href=\"https:\/\/sansec.io\/research\/rekoobe-fishpig-magento\" target=\"_blank\">r\u00e9v\u00e9l\u00e9<\/a> que les acteurs de la menace ont fait irruption dans le syst\u00e8me de licence d&#8217;extension de <a rel=\"nofollow noopener\" href=\"https:\/\/fishpig.co.uk\/security-announcements\/#X20220913\" target=\"_blank\">PoissonCochon<\/a>un fournisseur d&#8217;int\u00e9grations Magento-WordPress populaires, pour injecter du code malveillant con\u00e7u pour installer un cheval de Troie d&#8217;acc\u00e8s \u00e0 distance appel\u00e9 Rekoobe.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/09\/over-280000-wordpress-sites-attacked.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Une faille zero-day dans la derni\u00e8re version d&#8217;un plugin WordPress premium connu sous le nom de Passerelle WPG est activement exploit\u00e9 dans la nature, permettant potentiellement \u00e0 des acteurs malveillants de prendre compl\u00e8tement le contr\u00f4le des sites affect\u00e9s. Suivi comme CVE-2022-3180 (Score CVSS : 9,8), le probl\u00e8me est en train d&#8217;\u00eatre militaris\u00e9 pour ajouter un [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":363570,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[8074,4168,4158,4165,4161,4157,4159,4171,4170,1151,4167,4160,4163,4162,51599,4172,4169,2783,4166,3667,4164,51600,108669,35759],"class_list":["post-363569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-attaques","tag-comment-pirater","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-laide","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-plugin","tag-securite-informatique","tag-securite-internet","tag-sites","tag-violation-de-donnees","tag-vulnerabilite","tag-vulnerabilite-logicielle","tag-wordpress","tag-wpgateway","tag-zeroday"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/363569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=363569"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/363569\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/363570"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=363569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=363569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=363569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}