cleantalk
Vulnerabilities and Security Researches

Age Gate, CVE-2025-2505

CVE, Research URL

CVE-2025-2505

Home page URL

Security reports for Age Gate

Application

Age Gate

Published on
Mar 20, 2025
Research Description
The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Affected versions
Min -, max 3.5.4.
Status
vulnerable
Previous vulnerability researches
Age Gate , Jul 24, 2024
Age Gate (CVE-2025-31012) , Apr 11, 2025
Age Gate (CVE-2021-36901) , Jun 07, 2024
Age Gate (5779ce1e3247b87c4a5f18b5752040ebb3161caa) , Jun 07, 2024
Age Gate (CVE-2025-2505) , Mar 22, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025