CVE-2025-22622: Age Verification - Reflected cross-site scripting (XSS)
First published: Wed Feb 19 2025(Updated: )
Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php.
Credit: help@fluidattacks.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Age Verification |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-22622?
CVE-2025-22622 is rated as a high severity vulnerability due to improper input validation that can lead to attacks such as data injection.
How do I fix CVE-2025-22622?
To fix CVE-2025-22622, update the Age Verification plugin to the latest version where the vulnerability has been addressed.
Who is affected by CVE-2025-22622?
Any web application using the Age Verification plugin version 1.20.0 or earlier is affected by CVE-2025-22622.
What are the implications of not addressing CVE-2025-22622?
Failing to address CVE-2025-22622 may lead to unauthorized access and manipulation of user data on the affected web application.
Is there a workaround for CVE-2025-22622?
A temporary workaround for CVE-2025-22622 involves implementing strict input validation on any data processed by the affected plugin.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/last-modified-date
- agent/source
- agent/tags
- agent/event
- vendor/age verification
- canonical/age verification