CVE-2022-3180

🗓️ 11 Feb 2025 21:38:57Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 435 Views🌐 WEB

CVE-2022-3180 reserved for new security problem

Reporter	Title	Published	Views	Family All 18
0day.today	WordPress WPGateway 3.5 Privilege Escalation Vulnerability	15 Sep 202200:00	–	zdt
ATTACKERKB	CVE-2022-3180	11 Feb 202500:00	–	attackerkb
Circl	CVE-2022-3180	14 Sep 202219:31	–	circl
CNNVD	WordPress plugin WPGateway 权限许可和访问控制问题漏洞	14 Sep 202200:00	–	cnnvd
Check Point Advisories	WordPress WPGateway Plugin Privilege Escalation (CVE-2022-3180)	18 Sep 202200:00	–	checkpoint_advisories
Cvelist	CVE-2022-3180 WPGateway <= 3.5 - Unauthenticated Privilege Escalation	11 Feb 202521:38	–	cvelist
Hive Pro Threat Advisories	Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites	26 Sep 202206:35	–	hivepro
Malwarebytes	WPGateway WordPress plugin vulnerability could allow full site takeover	14 Sep 202211:00	–	malwarebytes
NVD	CVE-2022-3180	11 Feb 202522:15	–	nvd
OSV	CVE-2022-3180	11 Feb 202522:15	–	osv

NVD

Vulners

Node

wpgateway wpgatewayRange≤3.5wordpress

[
  {
    "defaultStatus": "unaffected",
    "product": "WPGateway",
    "vendor": "Jack Hopman",
    "versions": [
      {
        "lessThanOrEqual": "3.5",
        "status": "affected",
        "version": "*",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation
wordfence	www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

Parameter	Position	Path	Description	CWE
wp_new_credentials	query param	wp-content/plugins/wpgateway/wpgateway-webservice-new.php?wp_new_credentials=1	Unauthenticated privilege escalation via WPGateway vulnerability exposing an endpoint to create credentials/admins.	CWE-290

05 Jun 2025 14:24Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.23516

SSVC