Vulnerabilities and security researches forage-gate age-gate

Jun 07, 2024

CVE, Research URL: CVE-2021-36901
Home page URL: Security reports for Age Gate
Application: Age Gate
Date: Jun 15, 2022
Research Description: Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: 5779ce1e3247b87c4a5f18b5752040ebb3161caa
Home page URL: Security reports for Age Gate
Application: Age Gate
Date: Oct 25, 2021
Research Description: Age Gate [age-gate] < 2.13.5 WordPress Age Gate <= 2.17.0 - Unauthenticated Import Settings vulnerability Unauthenticated Import Settings vulnerability discovered in WordPress Age Gate (versions <= 2.17.0).
Affected versions: Min -, max -.
Status: vulnerable

Jul 24, 2024

PSC, Research URL: PSC-2024-19857
Home page URL: Security reports for Age Gate
Application: Age Gate
Date: -
Research Description: Age restrictions are a common requirement in various online scenarios, from viewing movie trailers to accessing adult-themed content. Managing age-restricted content on your website is a delicate task, and the “Age Gate” plugin, now at version 3.3.0, offers a solution that not only ensures compliance but also prioritizes security. In this article, we delve into the importance of this plugin, focusing on its security features and its recognition through the “Plugin Security Certification” (PSC).
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

Mar 22, 2025

CVE, Research URL: CVE-2025-2505
Home page URL: Security reports for Age Gate
Application: Age Gate
Date: Mar 20, 2025
Research Description: The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions: Min -, max -.
Status: vulnerable

Apr 11, 2025

CVE, Research URL: CVE-2025-31012
Home page URL: Security reports for Age Gate
Application: Age Gate
Date: Apr 09, 2025
Research Description: Missing Authorization vulnerability in Phil Age Gate allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Age Gate: from n/a through 3.5.4.
Affected versions: Min -, max -.
Status: vulnerable