Executive Summary

CVE-2025-29004 is a high-priority privilege escalation vulnerability affecting two WordPress plugins: Premium Age Verification / Restriction (up to version 3.0.2) and Responsive Coming Soon Landing Page / Holding Page (up to version 3.0). It allows an attacker with low-level privileges (such as Subscriber or Developer) to escalate their privileges to a higher level, potentially gaining full control over the affected WordPress website. This vulnerability is classified under OWASP Top 10 categories A4: Insecure Design and A5: Security Misconfiguration, indicating design and configuration flaws that enable privilege escalation. [1, 2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a severe impact by allowing attackers with minimal access to escalate their privileges and gain full control over the affected WordPress site. This means they could modify site content, access sensitive data, install malicious code, or disrupt website operations. The high CVSS score of 8.8 reflects the critical nature and likelihood of exploitation, making it a significant security risk for site owners. [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate steps to mitigate this vulnerability include applying the mitigation rules issued by Patchstack, which can block attacks exploiting this flaw until an official patch is released. Users are strongly advised to implement these mitigation measures immediately to protect their WordPress sites running the affected plugins (Premium Age Verification / Restriction up to version 3.0.2 and Responsive Coming Soon Landing Page / Holding Page up to version 3.0). Since no official fix is currently available, using Patchstack's automated protection solutions is the recommended approach. [1, 2]

Useful 0 Not Useful 0