WordPress Age Gate Plugin Local PHP File Inclusion Vulnerability

Vulnerability

A local PHP file inclusion vulnerability has been identified in the Age Gate plugin for WordPress, affecting all versions through 3.5.3. The vulnerability arises from the 'lang' parameter, which allows unauthenticated attackers to include and execute arbitrary PHP files on the server. Successful exploitation could be used to bypass access controls, obtain sensitive information, or achieve code execution in cases where files perceived as safe, such as images, can be uploaded and included.

Impact

Exploitation of this vulnerability could lead to unauthorized inclusion and execution of PHP files on the server, potentially allowing attackers to execute arbitrary code, access sensitive data, or bypass access controls.

Reproduction

To reproduce this vulnerability, send a request to a WordPress site with the Age Gate plugin installed, using the 'lang' parameter to specify a file to include. The request can be made without authentication, and the specified file will be executed on the server, leading to local PHP file inclusion.

Remediation

Users are advised to update the Age Gate plugin to version 3.5.4 or later.
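
While the update is being rolled out, web server access logs can be reviewed for requests whose 'lang' value does not look like a language code. The following script is an added example, not code from the plugin or from this advisory. It assumes combined-format access logs, that the parameter appears in the query string of the logged request, and that legitimate values are locale-shaped (for example "en_US"). The sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: legitimate values are locale codes such as "en", "en_US", "pt-BR".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (not real traffic); paths and values are placeholders.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jun/2025:19:46:00 +0000] "GET /?lang=en_US HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:46:02 +0000] "GET /?lang=..%2F..%2Fplaceholder%2Ffile HTTP/1.1" 200 512',
    '203.0.113.9 - - [09/Jun/2025:19:46:03 +0000] "GET /?lang=%252e%252e%252fplaceholder HTTP/1.1" 200 512',
    '198.51.100.7 - - [09/Jun/2025:19:46:05 +0000] "GET /about/ HTTP/1.1" 200 2048',
]


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_lang_values(log_line):
    """Return decoded 'lang' values in one log line that are not locale-shaped."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)  # parse_qsl has already decoded one layer
        if name.lower() == "lang" and not LOCALE_RE.fullmatch(decoded):
            hits.append(decoded)
    return hits


def scan(lines):
    """Map line index to suspicious values for every flagged line."""
    return {i: v for i, line in enumerate(lines) if (v := suspicious_lang_values(line))}


if __name__ == "__main__":
    for index, values in scan(SAMPLE_LOG).items():
        print(f"line {index}: lang={values}")
```

Values sent in a POST body do not appear in access logs, so an empty result does not rule out attempts made that way.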

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.6
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.