- Description
- The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-22
- Hype score
- Not currently trending
🚨 Alert: CVE-2025-2505 🚨 The Age Gate #WordPress plugin (up to v3.5.3) is vulnerable to Local PHP File Inclusion via the 'lang' parameter. 🛡️ Act fast to protect your site from unauthorized code execution and data exposure! Patch now or risk exploitation! 🔍🔧 #CyberSecurity
@SecAideInfo
22 Mar 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical WordPress flaw (CVE-2025-2505) in Age Gate plugin (≤3.5.3) risks 40K+ sites with remote code execution. Update to 3.5.4 NOW! Details: https://t.co/gb9wEmLT8l #Cybersecurity #WordPress https://t.co/3m2CFyTrY0
@threatsbank
21 Mar 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2505: Path Traversal in Age Gate WordPress plugin, 9.8 rating 🔥 The vulnerability allows attackers to include and execute arbitrary PHP files. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/0lGj2XAx91 #cybersecurity #vulnerability_map https://t.co/7GSKmLzuR
@Netlas_io
21 Mar 2025
767 Impressions
4 Retweets
9 Likes
1 Bookmark
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/6VFA97iscf 🚨🚨A massive flaw just dropped: CVE-2025-2505 (CVSS 9.8) in the WordPress Age Gate plugin. Think unauthenticated remote code execution – yes, attackers can run ANY PHP file on the server. No login needed! h
@zoomeye_team
21 Mar 2025
789 Impressions
2 Retweets
10 Likes
4 Bookmarks
0 Replies
0 Quotes
Critical WordPress Plugin Vulnerability Exposes Over 40,000 Websites to Code Execution Attacks Learn about CVE-2025-2505, a critical vulnerability in the Age Gate plugin for WordPress that allows remote code execution. https://t.co/MiFmv5gxvQ
@the_yellow_fall
21 Mar 2025
415 Impressions
5 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-2505 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-20 08:15:11 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/914vZHpgQb
@vulns_space
20 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2505: CRITICAL] WordPress Age Gate plugin up to 3.5.3 is vulnerable to Local PHP File Inclusion via the 'lang' parameter, allowing unauthenticated attackers to execute arbitrary PHP files on the server. ...#cybersecurity,#vulnerability https://t.co/yJzsxXMKHN https://t.
@CveFindCom
20 Mar 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2505 The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible… https://t.co/9zX7GtAp5y
@CVEnew
20 Mar 2025
345 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes