Does Age Gate have any unpatched vulnerabilities?

No. All known vulnerabilities in Age Gate have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Age Gate compatible with WordPress 6.8.5?

According to WordPress.org data, Age Gate 3.7.2 has been tested up to WordPress 6.8.5. Check the plugin's changelog for the latest compatibility information.

Is Age Gate compatible with PHP 7.4+?

Age Gate requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Age Gate updated?

Age Gate was last updated on Oct 22, 2025. Frequent updates are generally a positive security signal.

What is Age Gate's security score?

Age Gate has a WP-Safety security score of 90/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Age Gate Security & Risk Analysis

wordpress.org/plugins/age-gate

A plugin to check the age of a visitor before view site or specified content

40K active installs v3.7.2 PHP 7.4+ WP 6.0.0+ Updated Oct 22, 2025

adults-onlyage-gateage-restrictionage-verificationage-verify

A · Safe

CVEs total5

Unpatched0

Last CVEApr 9, 2025

Plugin page Download

Safety Verdict

Is Age Gate Safe to Use in 2026?

Generally Safe

Score 90/100

Age Gate has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEsLast CVE: Apr 9, 2025Updated 5mo ago

Risk Assessment

The "age-gate" plugin version 3.7.2 presents a moderate security risk. While the static analysis indicates no critical or high severity taint flows and a relatively low number of dangerous functions, several concerning patterns emerge. The presence of two unprotected AJAX handlers significantly expands the attack surface, as these entry points are vulnerable to unauthorized execution. Additionally, the fact that 100% of its SQL queries are not using prepared statements is a major concern, greatly increasing the risk of SQL injection vulnerabilities, especially if any of the input is not properly sanitized.

The vulnerability history is particularly troubling. The plugin has a history of 5 known CVEs, including a critical and a high severity vulnerability. While none are currently unpatched, the historical prevalence of critical and high severity issues, coupled with common vulnerability types like missing authorization, path traversal, open redirect, and XSS, suggests a recurring pattern of security weaknesses. This indicates that past vulnerabilities may not have been fully addressed in a way that prevents future similar flaws, or that the development process consistently overlooks critical security considerations.

In conclusion, while the absence of critical taint flows and the relatively high percentage of properly escaped output are positive signs, the unprotected AJAX handlers, raw SQL queries, and the plugin's historical vulnerability record paint a picture of a plugin that requires careful attention and updates. The potential for SQL injection and unauthorized access through AJAX endpoints, combined with a past history of serious vulnerabilities, warrants a cautious approach to its use.

Key Concerns

Unprotected AJAX handlers
100% of SQL queries without prepared statements
History of 1 critical CVE
History of 1 high CVE
History of 3 medium CVEs
Common vulnerability types (Path Traversal, Open Redirect, XSS)

Vulnerabilities

Age Gate Security Vulnerabilities

CVEs by Year

1 CVE in 2021

2021

2 CVEs in 2022

2022

2 CVEs in 2025

2025

Patched Has unpatched

Severity Breakdown

Critical

High

Medium

5 total CVEs

CVE-2025-31012medium · 5.3Missing Authorization

Age Gate <= 3.5.4 - Missing Authorization

Apr 9, 2025 Patched in 3.6.0 (7d)

CVE-2025-2505critical · 9.8Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Age Gate <= 3.5.3 - Unauthenticated Local PHP File Inclusion via 'lang'

Mar 19, 2025 Patched in 3.5.4 (1d)

WF-7d047fe7-bf00-4f93-91d2-c5da41664bfc-age-gatemedium · 4.7URL Redirection to Untrusted Site ('Open Redirect')

Age Gate <= 2.13.4 - Open Redirect

Nov 27, 2022 Patched in 2.13.5 (422d)

CVE-2021-36901high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Age Gate <= 2.17.0 - Cross-Site Scripting via Data Import

Jun 10, 2022 Patched in 2.17.1 (592d)

WF-103cbd07-4698-4b64-820d-d2df3fce95da-age-gatemedium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Age Gate <= 2.16.3 - Stored Cross-Site Scripting

Oct 6, 2021 Patched in 2.16.4 (839d)

Code Analysis

Analyzed Mar 16, 2026

Age Gate Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

143

322 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared3 total queries

Output Escaping

69% escaped465 total outputs

Attack Surface

2 unprotected

Age Gate Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_ag_clear_legacy_csssrc\Admin\Ajax.php:14

authwp_ajax_age_gate_store_termssrc\Admin\Ajax.php:15

authwp_ajax_ag_checksrc\Legacy\Check.php:19

noprivwp_ajax_ag_checksrc\Legacy\Check.php:20

WordPress Hooks 71

actionadmin_noticesage-gate.php:30

actioninitsrc\Admin\Admin.php:26

actionadmin_noticessrc\Admin\Admin.php:39

filterplugin_row_metasrc\Admin\Admin.php:43

actionadmin_print_footer_scriptssrc\Admin\Controller\RestrictionController.php:29

actionsave_postsrc\Admin\Post\Edit.php:26

actionadd_meta_boxessrc\Admin\Post\Edit.php:27

filtermanage_posts_columnssrc\Admin\Post\ListTable.php:23

filtermanage_pages_columnssrc\Admin\Post\ListTable.php:24

actionmanage_posts_custom_columnsrc\Admin\Post\ListTable.php:26

actionmanage_pages_custom_columnsrc\Admin\Post\ListTable.php:27

actioninitsrc\Admin\Post\ListTable.php:30

actionadmin_initsrc\Admin\Taxonomy\Term.php:21

actionadmin_post_age_gate_exportsrc\Admin\Tools\Export.php:16

actionadmin_post_age_gate_importsrc\Admin\Tools\Import.php:17

actionadmin_post_age_gate_resetsrc\Admin\Tools\Reset.php:17

actionadmin_post_age_gate_reset_postsrc\Admin\Tools\Reset.php:18

actioninitsrc\Admin\Update.php:9

actionin_plugin_update_message-age-gate/age-gate.phpsrc\Admin\Update.php:10

actionadmin_bar_menusrc\Admin\User\Toolbar.php:21

actionwp_enqueue_scriptssrc\Admin\User\Toolbar.php:22

actionwpsrc\App\AgeGate.php:17

actionplugins_loadedsrc\App\I18n.php:9

actionwpsrc\Bootstrap.php:16

actionwp_headsrc\Controller\JsController.php:18

actionwp_enqueue_scriptssrc\Controller\JsController.php:20

filtertemplate_includesrc\Controller\StandardController.php:82

actionadmin_enqueue_scriptssrc\Enqueue\Enqueue.php:12

actionwp_enqueue_scriptssrc\Enqueue\Enqueue.php:13

actionage_gate/before_rendersrc\Integration\Divi.php:23

actionwp_headsrc\Integration\Divi.php:56

filterage_gate/init/contentsrc\Integration\Woof.php:18

actioninitsrc\Legacy\Check.php:15

actionage_gate/validation/validatorssrc\Legacy\Deprecated.php:14

filterage_gate/validation/rulessrc\Legacy\Deprecated.php:15

actionage_gate/custom/aftersrc\Legacy\Deprecated.php:18

actionage_gate/custom/beforesrc\Legacy\Deprecated.php:22

filterage_gate/validation/messagessrc\Legacy\Deprecated.php:24

filterage_gate/validation/namessrc\Legacy\Deprecated.php:25

filterage_gate/cookie/setsrc\Legacy\Deprecated.php:26

filterage_gate/unrestricted/loggedsrc\Legacy\Deprecated.php:29

filterage_gate/restrictedsrc\Legacy\Deprecated.php:30

filterage_gate/unrestrictedsrc\Legacy\Deprecated.php:31

filterage_gate/logo/srcsrc\Legacy\Deprecated.php:34

actionwp_enqueue_scriptssrc\Presentation\FocusTrap.php:11

actionwp_enqueue_scriptssrc\Presentation\Interaction.php:11

actionwp_headsrc\Presentation\Preload.php:14

actionage_gate/formsrc\Presentation\Template.php:11

actionage_gate/form/opensrc\Presentation\Template.php:12

actionage_gate/form/closesrc\Presentation\Template.php:13

actionage_gate/fieldssrc\Presentation\Template.php:14

actionage_gate/custom/aftersrc\Presentation\Template.php:17

actionage_gate/custom/aftersrc\Presentation\Template.php:18

actionage_gate/custom/beforesrc\Presentation\Template.php:22

actionage_gate/custom/beforesrc\Presentation\Template.php:23

actionage_gate/logosrc\Presentation\Template.php:27

actionage_gate/headlinesrc\Presentation\Template.php:28

actionage_gate/subheadlinesrc\Presentation\Template.php:29

actionage_gate/fieldssrc\Presentation\Template.php:30

actionage_gate/errorssrc\Presentation\Template.php:31

actionage_gate/submitsrc\Presentation\Template.php:32

actionage_gate/additionalsrc\Presentation\Template.php:33

actionage_gate/remembersrc\Presentation\Template.php:35

actionage_gate/fields/age_fieldsrc\Presentation\Template.php:36

actionage_gate/form/backgroundsrc\Presentation\Template.php:37

filterwpseo_titlesrc\Presentation\Title.php:20

filterrank_math/frontend/titlesrc\Presentation\Title.php:21

filterdocument_title_partssrc\Presentation\Title.php:22

filterwp_titlesrc\Presentation\Title.php:23

actionrest_api_initsrc\Routes\Rest\Admin\Term.php:21

actionrest_api_initsrc\Routes\Rest\Check.php:18

Maintenance & Trust

Age Gate Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5

Last updatedOct 22, 2025

PHP min version7.4

Downloads1.4M

Community Trust

Rating92/100

Number of ratings64

Active installs40K

Alternatives

Age Gate Alternatives

Age Verification Screen for WooCommerce

age-verification-screen-for-woocommerce

Easily add a customizable age verification screen to your store.

300 No CVEs

Age Gate Lite

age-gate-lite

A lightweight, customisable age gate to lock content from younger audience.

2K No CVEs

Age Gator

age-gate-plus

Age Gator is a Wordpress plugin specifically designed to guard sensitive content (alcohol, gambling, x-rated, etc) from underage users.

400 No CVEs

Imeow 18plus

imeow-18plus

100

A simple plugin that adds a popup window for age confirmation (18 years and older) to your website. Available in CZ and EN language.

0 No CVEs

Vishavjeet Age Consent Banner – Restrict Website Access by Age Verification

vishavjeet-age-consent-banner

100

Restrict website access until visitors confirm their age. Ideal for age-restricted content and compliance needs.

0 No CVEs

Developer Profile

Age Gate Developer Profile

Phil

1 plugin · 40K total installs

trust score

Avg Security Score

90/100

Avg Patch Time

372 days

View full developer profile

Detection Fingerprints

How We Detect Age Gate

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/age-gate/dist/admin-content.js/wp-content/plugins/age-gate/dist/edit.js/wp-content/plugins/age-gate/dist/admin.js

Script Paths

/wp-content/plugins/age-gate/vendor/autoload.php/wp-content/plugins/age-gate/src/Bootstrap.php

Version Parameters

age-gate/dist/admin-content.js?ver=age-gate/dist/edit.js?ver=age-gate/dist/admin.js?ver=

HTML / DOM Fingerprints

Data Attributes

data-age-gate-content-iddata-age-gate-content-namedata-age-gate-content-typedata-age-gate-content-titledata-age-gate-content-descriptiondata-age-gate-content-restriction+1 more

JS Globals

ag_content_paramsag_admin_paramsag_settings

FAQ