WordPress Plugin Vulnerabilities

Age Gate < 2.13.5 - Unauthenticated Open Redirect

Description

The plugin takes the _wp_http_referer parameter to redirect users after some actions as well as after invalid or missing nonces, leading to an Unauthenticated Open Redirect issue

Proof of Concept

Affects Plugins

Plugin icon
age-gate
Fixed in 2.13.5

References

URL
https://packetstormsecurity.com/files/#160236/

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
3.1 (low)

Miscellaneous

Original Researcher
Ilca Lucian Florin
Verified
Yes
WPVDB ID
f045d42d-3053-404c-9d79-cab9aadc9402

Timeline

Publicly Published
2020-11-27 (about 5 years ago)
Added
2020-12-01 (about 5 years ago)
Last Updated
2020-12-02 (about 5 years ago)

Other

Published
Title
Published
2025-05-07
Title
Integrations of Zoho CRM with Elementor form <= 1.0.8 - Open Redirect
Published
2023-10-12
Title
Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link
Published
2024-09-30
Title
ElementsReady Addons for Elementor 6.4.2 - Open Redirect
Published
2025-09-26
Title
WP Gravity Forms HubSpot < 1.2.6 - Open Redirect
Published
2021-06-01
Title
MC4WP: Mailchimp for WordPress < 4.8.5 - Authenticated Arbitrary Redirect