CVE-2022-3180

EPSS 24.13%
Published 11.02.2025 22:15:24
Last modified 05.06.2025 14:24:42
Source security@wordfence.com
Teams watchlist Login
Open Login

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wpgateway ≫ Wpgateway SwPlatformwordpress Version <= 3.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	24.13%	0.959

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3180

EUVD