CVE-2022-3180 Information

Description

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to and including 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Reference

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/ https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation