Security Advisory

CVE-2025-11855

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-11 06:00:08

Last updated 2026-04-02 12:39:51

Assigner WPScan

State PUBLISHED

Description

The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password.

← Browse all CVEs View on cve.org ↗