CVE-2022-3180

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

CVE-2022-3180

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

CVE-2022-3180

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

CVE-2022-3180 WPGateway <= 3.5 - Unauthenticated Privilege Escalation

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts...

Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that...

WordPress WPGateway Plugin Privilege Escalation (CVE-2022-3180)

A privilege escalation exists in WordPress WPGateway Plugin. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...

WordPress WPGateway 3.5 Privilege Escalation Vulnerability

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

WPGateway WordPress plugin vulnerability could allow full site takeover

Theres been a few WordPress plugin vulnerabilities in the wild recently, and today we have another one to add to the list. Sometimes when word breaks of a WordPress plugin issue, a fix is already available and all you have to do is perform an update. On other occasions, the attack is live and out...

Over 280,000 WordPress Sites Attacked Using WPGateway Plugin Zero-Day Vulnerability

A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked as CVE-2022-3180 CVSS score: 9.8, the issue is being weaponized to add a malicious...

WordPress plugin WPGateway 权限许可和访问控制问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A privilege permission and...

WordPress WPGateway 3.5 Privilege Escalation

Description: Unauthenticated Privilege Escalation Affected Plugin: WPGateway Plugin Slug: wpgateway Plugin Developer: Jack Hopman/WPGateway Affected Versions: = 3.5 CVE ID: CVE-2022-3180 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Fully Patched Version: N/A...

PT-2022-20941 · WordPress · Wpgateway Plugin

Name of the Vulnerable Software and Affected Versions: WPGateway Plugin for WordPress versions up to, and including, 3.5 Description: The WPGateway Plugin for WordPress is vulnerable to privilege escalation. This allows unauthenticated attackers to create arbitrary malicious administrator account...

PSA: Zero-Day Vulnerability in WPGateway Actively Exploited in the Wild

On September 8, 2022, the Wordfence Threat Intelligence team became aware of an actively exploited zero-day vulnerability being used to add a malicious administrator user to sites running the WPGateway plugin. We released a firewall rule to Wordfence Premium, Wordfence Care, and Wordfence Respons...

WordPress WPGateway premium plugin <= 3.5 - Unauthenticated Privilege Escalation vulnerability

Unauthenticated Privilege Escalation vulnerability that allows unauthenticated attackers to insert a malicious administrator discovered by Chloe Chamberland Wordfence in WordPress WPGateway premium plugin versions = 3.5 Solution Deactivate and delete. No fix is available...

VulnCheck KEV: CVE-2022-3180

A privilege escalation flaw exists in the WordPress WPGateway plugin that enables unauthenticated adversaries to add a user with administrator rights...