CVE-2025-7401
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | premium_age_verification | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in the Premium Age Verification / Restriction for WordPress plugin due to insufficient protection of a remote support feature in the remote_tunnel.php file. This flaw allows unauthenticated attackers to read from or write to arbitrary files on the affected server, potentially exposing sensitive information or enabling remote code execution.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized access to sensitive files or data on your server, and attackers may also execute arbitrary code remotely. This can compromise the security and integrity of your website and server, potentially leading to data breaches, service disruption, or further exploitation.