Summary: A critical security vulnerability, CVE-2025-2505, has been identified in the Age Gate plugin for WordPress, affecting over 40,000 websites. This flaw allows unauthenticated remote code execution through a Local PHP File Inclusion vulnerability, potentially leading to server compromise. Users are urged to update to the patched version 3.5.4 to mitigate risks.
Affected: Age Gate plugin for WordPress
Keypoints :
- Vulnerability allows unauthenticated attackers to execute arbitrary PHP files.
- Severe risk of bypassing access controls and extracting sensitive data.
- Patched version 3.5.4 has been released; users must update immediately.