Zero-Day vulnerability in WPGateway Plugin compromises WordPress sites

Threat Level – Red | Vulnerability Report
Download PDF

The recently uncovered CVE-2022-3180 zero-day vulnerability allows an unauthenticated attacker to add an administrator account to WPGateway-powered websites. WPGateway is a commercial plugin that allows users to install, backup, and clone WordPress. The flaw is being actively abused, and no patch has been issued yet.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox