WordPress Plugin Vulnerabilities

Age Gate < 2.17.1 - Unauthenticated Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
age-gate
Fixed in 2.17.1

References

CVE
CVE-2021-36901

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Nguyen Van Khanh
Verified
No
WPVDB ID
e10767b7-018c-4532-8be6-09834055844c

Timeline

Publicly Published
2022-06-10 (about 3 years ago)
Added
2022-06-16 (about 3 years ago)
Last Updated
2023-03-19 (about 3 years ago)

Other

Published
Title
Published
2026-03-20
Title
FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute
Published
2025-09-26
Title
Notely < 1.9.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2016-06-24
Title
Welcart e-Commerce < 1.8.3 - Cross-Site Scripting (XSS)
Published
2023-10-27
Title
WP Post Popup <= 3.7.3 - Admin+ Stored XSS
Published
2023-05-04
Title
Advanced Custom Fields < 6.1.6 - Reflected XSS