Unrated severityNVD Advisory· Published Feb 11, 2025· Updated Mar 14, 2025

WPGateway <= 3.5 - Unauthenticated Privilege Escalation

CVE-2022-3180

Description

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Affected products

WPGateway/WPGatewayllm-create
Range: <=3.5
Jack Hopman/WPGatewayv5
Range: *
WordPress/WPGatewaywp-canonicalize

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/mitre
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalationmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.007
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000