Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Threat Level
Vulnerability Report

Summary

CVE-2022-3180, a recently uncovered zero-day vulnerability, allows an unauthenticated attacker to add an administrator account to websites running WPGateway. WPGateway is a commercial plugin that allows users to install, back up, and clone WordPress. The flaw is being actively abused, and no patch has been issued yet.