September 14, 2022
Critical WordPress WPGateway premium plugin Actively Exploited 0-Day
According to an advisory by WordFence, a critical privilege escalation 0-Day vulnerability affecting the “WPGateway” WordPress plugin was identified Actively Exploited in the Wild.
- CVE-2022-3180 (CVSS 3.1: 9.8, Critical) – A critical privilege escalation vulnerability allows unauthenticated attackers to add a rogue user with admin privileges to totally take over sites running the vulnerable WordPress plugin.
- WPGateway 3.5 and earlier.
CYREBRO recommends removing the plugin immediately until a patch is made available and to check for malicious administrator users in your WordPress dashboard.
References: WordFence Advisory.