CVE-2022-3180

Summary

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Affected Software

VendorProductVersion RangeStatus
Jack HopmanWPGateway* <= 3.5affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References