A zero-day flaw in the latest version of a WordPress premium plugin known asWPGatewayis being actively exploited in the wild, potentially allowing malicious actors to completely take over affected sites. Tracked asCVE-2022-3180(CVSS score: 9.8), the issue is being weaponized to add a malicious administrator user to sites running the WPGateway plugin, WordPress security company Wordfence