CVE-2022-3180

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-3180
CWE	https://cwe.mitre.org/data/definitions/290.html

The WPGateway Plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.5. This allows unauthenticated attackers to create arbitrary malicious administrator accounts.

Weakness

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://cwe.mitre.org/data/definitions/21.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/459.html
https://cwe.mitre.org/data/definitions/461.html
https://cwe.mitre.org/data/definitions/473.html
https://cwe.mitre.org/data/definitions/476.html
https://cwe.mitre.org/data/definitions/59.html
https://cwe.mitre.org/data/definitions/60.html
https://cwe.mitre.org/data/definitions/667.html
https://cwe.mitre.org/data/definitions/94.html

References

https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation

Authentication Bypass by Spoofing

Weakness

Related Attack Patterns

References