CVE-2025-29004
Unknown Unknown - Not Provided

Privilege Escalation via Incorrect Privilege Assignment in AA-Team WordPress Plugins

Vulnerability report for CVE-2025-29004, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-06

Last updated on: 2026-04-28

Assigner: Patchstack

Description

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-06
Last Modified
2026-04-28
Generated
2026-07-06
AI Q&A
2026-01-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
aa-team premium_age_verification_restriction to 3.0.2 (inc)
aa-team responsive_coming_soon_landing_page_holding_page to 3.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-29004 is a high-priority privilege escalation vulnerability affecting two WordPress plugins: Premium Age Verification / Restriction (up to version 3.0.2) and Responsive Coming Soon Landing Page / Holding Page (up to version 3.0). It allows an attacker with low-level privileges (such as Subscriber or Developer) to escalate their privileges to a higher level, potentially gaining full control over the affected WordPress website. This vulnerability is classified under OWASP Top 10 categories A4: Insecure Design and A5: Security Misconfiguration, indicating design and configuration flaws that enable privilege escalation. [1, 2]

Impact Analysis

This vulnerability can have a severe impact by allowing attackers with minimal access to escalate their privileges and gain full control over the affected WordPress site. This means they could modify site content, access sensitive data, install malicious code, or disrupt website operations. The high CVSS score of 8.8 reflects the critical nature and likelihood of exploitation, making it a significant security risk for site owners. [1, 2]

Mitigation Strategies

Immediate steps to mitigate this vulnerability include applying the mitigation rules issued by Patchstack, which can block attacks exploiting this flaw until an official patch is released. Users are strongly advised to implement these mitigation measures immediately to protect their WordPress sites running the affected plugins (Premium Age Verification / Restriction up to version 3.0.2 and Responsive Coming Soon Landing Page / Holding Page up to version 3.0). Since no official fix is currently available, using Patchstack's automated protection solutions is the recommended approach. [1, 2]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-29004. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart