Impact
The plugin contains an unauthenticated arbitrary file download vulnerability that allows an attacker to specify arbitrary files on the server for download. This leads to disclosure of potentially sensitive configuration files, credentials, backup archives, or other private data, thereby compromising confidentiality.
Affected Systems
Affected are instances of the "Premium Age Verification / Restriction for WordPress" plugin developed by AA‑Team. Versions 3.0.2 and earlier are vulnerable because they lack proper validation of the file parameter. Any WordPress site running the plugin at or below the version 3.0.2 threshold is at risk.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity level. The EPSS score is not provided, but the absence of a known KEV listing suggests that, while the vulnerability may not be widely exploited yet, it remains a serious risk. The attack vector is not explicitly documented in the description, but it can be inferred that an unauthenticated HTTP request to the plugin’s download endpoint could trigger the flaw. Consequently, administrators should treat this as a high‑risk vulnerability until a patch is applied.
OpenCVE Enrichment