CVE-2022-3180
Published: 11 February 2025
Summary
CVE-2022-3180 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in Wpgateway's WPGateway plugin. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 3.9% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-2 (Account Management) and SI-2 (Flaw Remediation).
Deeper analysis
The WPGateway plugin for WordPress is affected by an unauthenticated privilege-escalation vulnerability in versions up to and including 3.5. The flaw, tracked as CVE-2022-3180 with a CVSS score of 9.8, permits remote attackers to create arbitrary administrator accounts and is associated with CWE-290 authentication bypass by spoofing.
Unauthenticated attackers with network access can exploit the issue without user interaction to obtain full administrative control over the WordPress site, including the ability to install plugins, modify content, or maintain persistent access through malicious administrator accounts.
Public advisories from Wordfence describe the issue as a zero-day actively exploited in the wild and provide threat intelligence details on the WPGateway plugin. The current EPSS score of 0.2352 matches the observed peak, indicating sustained exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42597
Vulnerability details
The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw is a direct, remote, unauthenticated exploit of a public-facing WordPress plugin that enables privilege escalation to administrator accounts.
Mitigating Controls (NIST 800-53 r5)
Directly mitigates CVE-2022-3180 by requiring timely identification, prioritization, and patching of the flaw in the WPGateway plugin versions up to 3.5.
Prevents and detects unauthorized privilege escalation by enforcing automated and manual processes for account provisioning, modification, review, and disabling of malicious administrator accounts created via the vulnerability.
Enables identification of exploitation of CVE-2022-3180 through real-time monitoring of anomalous activities such as unauthenticated account creations or privilege changes.