9.8

CVE-2022-3180

EPSS 6.26%
Veröffentlicht 11.02.2025 22:15:24
Zuletzt bearbeitet 05.06.2025 14:24:42
Quelle security@wordfence.com
CVE-Watchlists
Login
Unerledigt
Login

WPGateway <= 3.5 - Unauthenticated Privilege Escalation

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Mögliche Gegenmaßnahme

WPGateway: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt WPGateway

Version *-3.5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wpgateway ≫ Wpgateway SwPlatformwordpress Version <= 3.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	6.26%	0.906

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0b75c681-ecd2-4603-8819-07b2e9b8d547

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-3180

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-3180

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-3180

EUVD