WordPress Age Gate plugin <= 2.16.3 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

age-gate

Software
Age Gate
Vulnerable Versions
<= 2.16.3
Fixed in version
2.16.4
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Disclosure Date
2021-10-06
CVSS 3.0 score

6.9

Medium

Requires high privilege user authentication like admin or custom plugin settings to allow access to lower privilege users.

Are your websites subject to this vulnerability?

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Martin Vierula (Trustwave) in WordPress Age Gate plugin (versions <= 2.16.3).

Solution

Update the WordPress Age Gate plugin to the latest available version (at least 2.16.4).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.