PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild!
On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin.