CVE-2022-3180

Critical

Published: 11 February 2025
Modified: 05 June 2025
KEV Added: not listed
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.2352 (96.1st percentile)
Risk Priority: 34 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-3180 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in the WPGateway plugin for WordPress (vendor and product both listed as Wpgateway). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.9% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and SI-2 (Flaw Remediation).

Deeper analysis

The WPGateway plugin for WordPress is affected by an unauthenticated privilege-escalation vulnerability in versions up to and including 3.5. The flaw, tracked as CVE-2022-3180 with a CVSS score of 9.8, permits remote attackers to create arbitrary administrator accounts and is associated with CWE-290 authentication bypass by spoofing.

Unauthenticated attackers with network access can exploit the issue without user interaction to obtain full administrative control over the WordPress site, including the ability to install plugins, modify content, or maintain persistent access through malicious administrator accounts.

Public advisories from Wordfence describe the issue as a zero-day actively exploited in the wild and provide threat intelligence details on the WPGateway plugin. The current EPSS score of 0.2352 matches the observed peak, indicating sustained exploitation interest after disclosure.

Vulnerability details

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

CWE(s): CWE-290 Authentication Bypass by Spoofing

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Direct, remote, unauthenticated exploitation of a public-facing WordPress plugin that enables privilege escalation to administrator accounts.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33433 (shared CWE-290)
CVE-2024-55925 (shared CWE-290)
CVE-2026-0834 (shared CWE-290)
CVE-2026-33131 (shared CWE-290)
CVE-2026-24372 (shared CWE-290)
CVE-2025-27671 (shared CWE-290)
CVE-2026-24853 (shared CWE-290)
CVE-2026-30975 (shared CWE-290)
CVE-2026-31889 (shared CWE-290)
CVE-2026-40575 (shared CWE-290)

Affected Assets

Vendor: wpgateway
Product: wpgateway
Versions: ≤ 3.5

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent)

Directly mitigates CVE-2022-3180 by requiring timely identification, prioritization, and patching of the flaw in WPGateway plugin versions up to and including 3.5.

AC-2 Account Management (prevent, detect)

Prevents and detects unauthorized privilege escalation by enforcing automated and manual processes for account provisioning, modification, review, and disabling of malicious administrator accounts created via the vulnerability.

Monitoring control (detect)

Enables identification of exploitation of CVE-2022-3180 through real-time monitoring of anomalous activities such as unauthenticated account creations or privilege changes.
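The detection idea above (flag administrator accounts that appear, or role changes to administrator, with no authenticated session behind them) is shown below as an added example; it is not part of this record, of Wordfence's tooling, or of the WPGateway plugin. It assumes a hypothetical JSON-lines audit format whose field names (`event`, `actor_id`, `session`, `target_login`, `role`, `old_role`, `ip`, `uri`) are constructed for the example, and the sample events are constructed as well. The plugin's actual request paths are not given on this page and are deliberately not encoded here.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Set

# Constructed sample audit events (hypothetical format, not WordPress's own).
# actor_id 0 / session false means the action ran without a logged-in user.
SAMPLE_LOG = """\
{"ts":"2025-02-11T10:00:01Z","event":"user_register","actor_id":0,"session":false,"target_login":"backup-admin","role":"administrator","ip":"203.0.113.7","uri":"/wp-admin/admin-ajax.php"}
{"ts":"2025-02-11T10:00:05Z","event":"user_register","actor_id":1,"session":true,"target_login":"editor-jane","role":"editor","ip":"198.51.100.4","uri":"/wp-admin/user-new.php"}
{"ts":"2025-02-11T10:02:14Z","event":"set_user_role","actor_id":0,"session":false,"target_login":"subscriber-bob","role":"administrator","old_role":"subscriber","ip":"203.0.113.7","uri":"/wp-admin/admin-ajax.php"}
{"ts":"2025-02-11T10:05:00Z","event":"set_user_role","actor_id":1,"session":true,"target_login":"editor-jane","role":"author","old_role":"editor","ip":"198.51.100.4","uri":"/wp-admin/users.php"}
{"ts":"2025-02-11T10:07:30Z","event":"login","actor_id":2,"session":true,"target_login":"backup-admin","role":"administrator","ip":"203.0.113.7","uri":"/wp-login.php"}
"""

PRIVILEGED_ROLES = {"administrator", "super_admin"}


@dataclass(frozen=True)
class Alert:
    ts: str
    rule: str
    target_login: str
    ip: str


def is_unauthenticated(ev: dict) -> bool:
    """True when the event was not performed by a logged-in WordPress user."""
    return (not ev.get("session")) or int(ev.get("actor_id") or 0) == 0


def detect(lines: Iterable[str]) -> List[Alert]:
    """Scan audit lines and return alerts for AC-2 style anomalies.

    Rules:
      1. a privileged account is created without an authenticated session
      2. an existing account is raised to a privileged role without a session
      3. an account flagged by rule 1 or 2 is later used to log in
    """
    alerts: List[Alert] = []
    suspicious_accounts: Set[str] = set()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than stop the pipeline
        kind = ev.get("event")
        role = ev.get("role", "")
        login = ev.get("target_login", "?")
        ip = ev.get("ip", "?")
        if kind == "user_register" and role in PRIVILEGED_ROLES and is_unauthenticated(ev):
            alerts.append(Alert(ev["ts"], "unauthenticated-admin-creation", login, ip))
            suspicious_accounts.add(login)
        elif (kind == "set_user_role" and role in PRIVILEGED_ROLES
              and ev.get("old_role") not in PRIVILEGED_ROLES and is_unauthenticated(ev)):
            alerts.append(Alert(ev["ts"], "unauthenticated-privilege-change", login, ip))
            suspicious_accounts.add(login)
        elif kind == "login" and login in suspicious_accounts:
            # Correlation: first use of an account that appeared without a session.
            alerts.append(Alert(ev["ts"], "suspicious-admin-first-use", login, ip))
    return alerts


def detect_text(log_text: str) -> List[Alert]:
    """Convenience wrapper for a whole log file held in memory."""
    return detect(log_text.splitlines())


if __name__ == "__main__":
    for a in detect_text(SAMPLE_LOG):
        print(f"{a.ts} {a.rule:<34} user={a.target_login} ip={a.ip}")
```

Run against the constructed sample, this yields three alerts: the session-less creation of `backup-admin`, the session-less elevation of `subscriber-bob`, and the later login as `backup-admin`. The legitimate actions by user 1 (creating an editor, demoting an editor) produce nothing, which is the point of keying on the absence of a session rather than on account creation alone.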