Skip to main content

Premium Age Verification Restriction For Wordpress

1 CVEs product

Monthly

CVE-2025-49403 HIGH This Week

Unauthenticated arbitrary file download in the Premium Age Verification / Restriction for WordPress plugin (versions ≤ 3.0.2) allows remote attackers to retrieve arbitrary files from the underlying server without any credentials or user interaction. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability impact, consistent with file disclosure rather than code execution. There is no public exploit identified at time of analysis and the issue is not present in CISA KEV, but Patchstack has confirmed the flaw against a default plugin installation.

PHP WordPress Information Disclosure LFI Premium Age Verification Restriction For Wordpress
NVD
CVSS 3.1
7.5
EPSS
0.3%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated arbitrary file download in the Premium Age Verification / Restriction for WordPress plugin (versions ≤ 3.0.2) allows remote attackers to retrieve arbitrary files from the underlying server without any credentials or user interaction. The CVSS 3.1 score of 7.5 reflects high confidentiality impact with no integrity or availability impact, consistent with file disclosure rather than code execution. There is no public exploit identified at time of analysis and the issue is not present in CISA KEV, but Patchstack has confirmed the flaw against a default plugin installation.

PHP WordPress Information Disclosure +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy