What the vulnerability does
01Description
Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Premium Age Verification / Restriction plugin for WordPress versions up to 3.0.2 contains an authorization flaw that allows authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. The vulnerability requires a valid WordPress account but no special user interaction. Site administrators should update immediately to a patched version.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify content, or disrupt the site's availability.
Potential impact on your site
04Site Impact
Any registered user can access restricted admin functions, read private data, or damage site content and availability.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege WordPress user account.
Key dates
06Disclosure timeline
January 6, 2026
CVE published
April 28, 2026
Record updated