High severity7.5NVD Advisory· Published Nov 11, 2025· Updated Apr 15, 2026
CVE-2025-11855
CVE-2025-11855
Description
The age-restriction WordPress plugin through 3.0.2 does not have authorisation in the age_restrictionRemoteSupportRequest function, allowing any authenticated users, such as subscriber to create an admin user with a hardcoded username and arbitrary password.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=3.0.2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.