Visit us at GITEX 2023 to witness the power of Hive Pro TEM Platform: Schedule a Meeting

Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Threat Advisories

Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Threat Level
Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that allows users to install, backup, and clone WordPress. The flaw is being actively abused, and no patch has been issued yet.

Sign up to receive our Weekly Threat Digest