exploitDog

CVE-2022-3180

Опубликовано: 11 фев. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Ссылки

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/
Third Party Advisory
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wpgateway:wpgateway:*:*:*:*:*:wordpress:*:*

Версия до 3.5 (включая)

EPSS

Процентиль: 91%

0.06257

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-290

CWE-290

Связанные уязвимости

GHSA-7xf9-6rpx-2c4r

CVSS3: 9.8

github

12 месяцев назад

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

EPSS

Процентиль: 91%

0.06257

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-290

CWE-290