Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites
Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites
Threat Level
Vulnerability Report
For a detailed threat advisory, download the pdf file here
Summary
The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that allows users to install, backup, and clone WordPress. The flaw is being actively abused, and no patch has been issued yet.