← back
CVE-2022-3180

WPGateway <= 3.5 - Unauthenticated Privilege Escalation

CVSS 9.8 CRITICALEPSS 8.8%CWE-290
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Jack Hopman · WPGateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation