Improper Input Validation in Age Verification Plugin for WordPress
CVE-2025-22622

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Age Verification
Vendor: CVE Published:; 19 February 2025

What is CVE-2025-22622?

The Age Verification plugin for WordPress, version 1.20.0, is susceptible to an improper input validation vulnerability. This issue arises as the web application dynamically generates content without appropriately validating the source of potentially untrusted data, specifically in the file myapp/class-wc-integration-agechecker-integration.php. This lack of validation can lead to increased risk of data manipulation or injection attacks, allowing an attacker to exploit the vulnerability and compromise the integrity of the application.

Affected Version(s)

Age Verification 1.20.0

References

https://fluidattacks.com/advisories/skims-5/

third-party-advisory

https://wordpress.org/plugins/agecheckernet/#developers

release-notes

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 19, 2025
Vulnerability Reserved
Jan 7, 2025