CVE Catalog

CVE-2025-49403

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

WordPress versions up to 3.0.2 have a vulnerability that allows unauthenticated arbitrary file download in the Premium Age Verification / Restriction plugin.

Risk Assessment

An attacker could access sensitive files on the server, potentially leading to data leakage or system compromise.

Recommendation

It is recommended to update WordPress to the latest version and review the configuration of the Premium Age Verification / Restriction plugin.

Original NVD description (English source)

Unauthenticated Arbitrary File Download in Premium Age Verification / Restriction for WordPress <= 3.0.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS