WordPress Plugin Vulnerabilities

Age Gate < 2.17.1 - Unauthenticated Import Settings

Description

The plugin patched an Unauthenticated Import Settings vulnerability. It was found to be exploited in the wild a few days after being patched.

Affects Plugins

Plugin icon
age-gate
Fixed in 2.17.1

References

URL
https://wordpress.org/support/topic/age-gate-hacked-on-multiple-sites-multiple-servers/
URL
https://plugins.trac.wordpress.org/changeset/2618003/age-gate

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
9.8 (critical)

Miscellaneous

Submitter
Ryan
Verified
No
WPVDB ID
1795452a-171b-4624-b0eb-083b26a0bebb

Timeline

Publicly Published
2021-10-25 (about 4 years ago)
Added
2021-10-25 (about 4 years ago)
Last Updated
2022-04-16 (about 3 years ago)

Other

Published
Title
Published
2021-07-19
Title
RestroPress < 2.8.3.1 - Unauthorised AJAX Calls
Published
2024-01-24
Title
Views for WPForms < 3.2.3 - Missing Authorization via save_view
Published
2024-04-03
Title
CGC Maintenance Mode <= 1.2 - Sensitive Information Exposure
Published
2021-09-22
Title
Ninja Forms < 3.5.8 - Unprotected REST-API to Email Injection
Published
2024-01-23
Title
illi Link Party! <= 1.0 - Unauthenticated Arbitrary Link Deletion