📄 WordPress Premium Age Verification Restriction 3.0.2 Shell Upload

A critical security vulnerability exists in the WordPress Age Restriction plugin version 3.0.2 and earlier. The vulnerability allows unauthenticated attackers to upload arbitrary PHP files and execute remote code via the remotetunnel.php endpoint. This leads to complete compromise of the WordPres...

WordPress Age Restriction plugin <= 3.0.2 - Subscriber+ Privilege Escalation vulnerability

Subscriber+ Privilege Escalation vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin Premium Age Verification / Restriction for WordPress versions = 3.0.2...

WordPress age-restriction plugin missing authorization vulnerability

The WordPress age-restriction plugin is a plugin used to add age verification functionality to a WordPress website, the main purpose of which is to restrict access to certain content or features to users who have not reached a specific age. The WordPress age-restriction plugin suffers from a lack...

CVE-2025-11855

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

EUVD-2025-74047

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

CVE-2025-11855

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

CVE-2025-11855 Age Restriction <= 3.0.2 - Subscriber+ Privilege Escalation

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the agerestrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password...

CVE-2025-11855

CVE-2025-11855 affects the WordPress plugin “age-restriction” (versions up to 3.0.2). The root cause is missing authorization in the age_restrictionRemoteSupportRequest function, enabling any authenticated user (e.g., a subscriber) to create an administrator account with a hardcoded username and ...

PT-2025-46301

Name of the Vulnerable Software and Affected Versions age-restriction WordPress plugin versions through 3.0.2 Description The age-restriction WordPress plugin does not have proper authorisation within the age restrictionRemoteSupportRequest function. This allows authenticated users, even those wi...

PayPal denies to pay Bug Bounty reward to teenager

When coders and online security researchers find errors in websites or software, the companies behind the programs will often pay out a bounty to the person who discovered the issue. The programs are intended to create an incentive for researchers to privately report issues and allow vendors to...