{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-2505", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-03-18T17:08:25.933Z", "datePublished": "2025-03-20T07:29:57.851Z", "dateUpdated": "2026-04-08T17:26:25.280Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:25.280Z"}, "affected": [{"vendor": "philsbury", "product": "Age Gate", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.5.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}], "title": "Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ac2996-098f-474c-b44e-78d5af7b503a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/age-gate/trunk/vendor/agegate/common/src/Settings.php#L27"}, {"url": "https://plugins.trac.wordpress.org/changeset/3258075/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-03-19T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T14:50:58.482195Z", "id": "CVE-2025-2505", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:51:26.885Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-2505", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-20T14:50:58.482195Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T14:51:20.387Z"}}], "cna": {"title": "Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "philsbury", "product": "Age Gate", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.5.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-19T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ac2996-098f-474c-b44e-78d5af7b503a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/age-gate/trunk/vendor/agegate/common/src/Settings.php#L27"}, {"url": "https://plugins.trac.wordpress.org/changeset/3258075/"}], "descriptions": [{"lang": "en", "value": "The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:26:25.280Z"}}}, "cveMetadata": {"cveId": "CVE-2025-2505", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:26:25.280Z", "dateReserved": "2025-03-18T17:08:25.933Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-20T07:29:57.851Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}, {"lang": "es", "value": "El complemento Age Gate para WordPress es vulnerable a la inclusi\u00f3n local de archivos PHP en todas las versiones hasta la 3.5.3 incluida, a trav\u00e9s del par\u00e1metro 'lang'. Esto permite a atacantes no autenticados incluir y ejecutar archivos PHP arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de c\u00f3digo en dichos archivos. Esto puede utilizarse para eludir los controles de acceso, obtener datos confidenciales o ejecutar c\u00f3digo cuando se pueden subir e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."}], "id": "CVE-2025-2505", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-03-20T08:15:11.873", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/age-gate/trunk/vendor/agegate/common/src/Settings.php#L27"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3258075/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6ac2996-098f-474c-b44e-78d5af7b503a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-29T02:04:41.839243+00:00", "value": {"mitigation_remediation": ["Upgrade the WordPress Age Gate plugin to version 3.5.4 or later, or any release that removes the local file inclusion flaw.", "If an upgrade cannot be performed immediately, disable or remove the 'lang' parameter from the plugin\u2019s request handling, or otherwise restrict the plugin\u2019s ability to include files from the web root.", "Configure file upload permissions and directory access controls so that only allowable file types are accepted and stored outside of directories that can be included by the plugin."], "summary": {"action": "Immediate Patch", "impact": "Local PHP File Inclusion leading to arbitrary code execution"}, "threat_synthesis": {"affected_systems": "WordPress sites running the philsbury Age Gate plugin, versions up to and including 3.5.3 are affected. Any installation of these vulnerable plugin versions is at risk.", "description_and_impact": "The Age Gate plugin for WordPress contains a flaw that allows an unauthenticated attacker to include and execute arbitrary PHP files through the 'lang' parameter. This vulnerability falls under CWE\u201122 and can be used to bypass access controls, exfiltrate sensitive data, or to achieve code execution when the attacker can place files such as images in upload directories that are later included.", "risk_and_exploitability": "The CVSS score of 9.8 indicates a severe potential impact if exploited, but the EPSS score of < 1% suggests a very low probability of exploitation in the wild. This does not eliminate the risk, as the flaw can still be leveraged by attackers who manage to place a PHP file into a directory that the plugin includes via the 'lang' parameter. The public references show that an attacker can construct an HTTP request referencing a local PHP file, for example by uploading a file disguised as an image and later causing the plugin to include it."}}}}, "created": "2025-07-12T15:42:39.692029+00:00", "updated": "2026-04-29T02:15:47.432463+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}