9.8

CVE-2022-3180

WPGateway <= 3.5 - Unauthenticated Privilege Escalation

WPGateway <= 3.5 - Unauthenticated Privilege Escalation

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.
Mögliche Gegenmaßnahme
WPGateway: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WpgatewayWpgateway SwPlatformwordpress Version <= 3.5
Weitere Schwachstelleninformationen
SystemWordPress Plugin
Produkt WPGateway
Version *-3.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.84% 0.945
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/id/0b75c681-ecd2-4603-8819-07b2e9b8d547
Third Party Advisory