Get Started

WprdPress: Local File Inclusion Vulnerability in Age Gate Plugin

by the Hossted team
20.03.2025

In Age Gate plugin for WordPress versions 3.5.3 and prior a critical severity vulnerability CVE-2025-2505 was detected. This vulnerability allows unauthenticated attackers to include and execute arbitrary PHP files on the server via the `lang` parameter, potentially bypassing access controls, exposing sensitive data, or achieving remote code execution if certain file types can be uploaded and included. To address this issue, users should upgrade Age Gate plugin to versions 3.5.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2505.

Related articles
OSSpedia
OSSpedia 19 Feb 2025 WordPress: Insecure Direct Object Reference in Education Addon for Elementor Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Cross-Site Request Forgery Vulnerability in DeBounce Email Validator Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 19 Feb 2025 WordPress: Unauthorized Access Vulnerability in Raptive Ads Plugin Business and Enterprise Solutions CMS WOR
OSSpedia 11 Mar 2025 WordPress: Stored XSS Vulnerability in Countdown Timer Plugin Business and Enterprise Solutions CMS WOR