KEVIntel
Vulnerability detail
Enriched intelligence for a single CVE
9.8
CVSS
Critical
Critical
CVE-2022-3180
PUBLISHEDWPGateway <= 3.5 - Unauthenticated Privilege Escalation
Exploited in the wild
Remote
Low complexity
No user interaction
- Vendor
- Jack Hopman
- Product
- WPGateway
- Published
- Feb 11, 2025
- EPSS
- 27.8% · 96% pctl
Description
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.
wordpress
CVSS scores
CVSS v3.1
9.8 Critical
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation status
Exploited in the wild
Recorded 2022-09-13 08:50:53 UTC · Source
SSVC decision points
- Exploitation
- none
- Automatable
- Yes
- Technical impact
- total
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| Wordfence | Sep 13, 2022 |
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public