WordPress Plugin Vulnerabilities

Age Gate < 3.6.0 - Missing Authorization

Description

The Age Gate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the store() function in all versions up to, and including, 3.5.4. This makes it possible for unauthenticated attackers to update settings.

Affects Plugins

Plugin icon
age-gate
Fixed in 3.6.0

References

CVE
CVE-2025-31012
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/e64f3e2b-7c82-4b30-bb3e-b84916e29232

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
8a50598f-068c-48b0-b1de-3ed782a35974

Timeline

Publicly Published
2025-04-09 (about 1 year ago)
Added
2025-04-15 (about 1 year ago)
Last Updated
2025-04-15 (about 1 year ago)

Other

Published
Title
Published
2024-12-14
Title
Popup Surveys & Polls for WordPress (Mare.io) <= 1.36 - Missing Authorization
Published
2025-08-22
Title
IDonatePro <= 2.1.11 - Missing Authorization
Published
2023-11-07
Title
Easy Social Icons < 3.2.5 - Missing Authorization via cnss_save_ajax_order
Published
2025-02-03
Title
RapidLoad < 2.4.5 - Missing Authorization
Published
2025-03-27
Title
Traveler < 3.2.1 - Missing Authorization