Does Age Verification & Identity Verification by Token of Trust have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Age Verification & Identity Verification by Token of Trust compatible with WordPress 7.0.0?

According to WordPress.org data, Age Verification & Identity Verification by Token of Trust 3.34.0 has been tested up to WordPress 7.0.0. Check the plugin's changelog for the latest compatibility information.

Is Age Verification & Identity Verification by Token of Trust compatible with PHP 7.2.5+?

Age Verification & Identity Verification by Token of Trust requires PHP 7.2.5 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

Age Verification & Identity Verification by Token of Trust Security & Risk Analysis

wordpress.org/plugins/token-of-trust

Verify age at checkout, protect pages from underage visitors, or set up advanced identity verification checks. Setup wizard gets you going in minutes.

50 active installs v3.34.0 PHP 7.2.5+ WP 5.3.0+ Updated Apr 14, 2026

age-gateage-verificationidentity-verificationkycverify-age

A · Safe

CVEs total1

Unpatched0

Last CVEApr 14, 2026

Download

Safety Verdict

Is Age Verification & Identity Verification by Token of Trust Safe to Use in 2026?

Generally Safe

Score 97/100

Age Verification & Identity Verification by Token of Trust has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

1 known CVELast CVE: Apr 14, 2026Updated 1mo ago

Risk Assessment

The 'token-of-trust' plugin v3.32.2 exhibits a concerning security posture due to a significant number of unprotected entry points. While the plugin has no recorded vulnerability history, indicating a potentially low historical risk, the static analysis reveals several areas that warrant attention. Specifically, 6 out of 8 AJAX handlers and 1 out of 1 REST API route lack authentication checks, creating a substantial attack surface accessible to unauthenticated users. Furthermore, the taint analysis shows 6 flows with unsanitized paths, a critical indicator of potential vulnerabilities, even though they are not classified as critical or high severity in this specific scan. The moderate percentage of proper output escaping and the usage of prepared statements for SQL queries are positive signs, but the unescaped output and raw SQL queries still present a risk. The presence of bundled libraries like Guzzle and Select2 is standard, but their security depends on their individual patch status, which is not detailed here. Overall, the plugin's strengths lie in its lack of historical vulnerabilities and some good coding practices like prepared statements. However, the numerous unprotected entry points and unsanitized code paths are significant weaknesses that could be exploited.

Key Concerns

AJAX handlers without auth checks
REST API routes without permission callbacks
Flows with unsanitized paths
SQL queries not using prepared statements
Output not properly escaped
Nonce checks present
Capability checks present

Vulnerabilities

1 published

Age Verification & Identity Verification by Token of Trust Security Vulnerabilities

CVEs by Year

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

High

1 total CVE

CVE-2026-2834high · 7.2Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter

Apr 14, 2026 Patched in 3.32.4 (1d)

Version History

Age Verification & Identity Verification by Token of Trust Release Timeline

v3.34.0Current

v3.33.0

v3.32.5

v3.32.4

v3.32.31 CVE

v3.32.21 CVE

v3.32.11 CVE

v3.32.01 CVE

v3.31.71 CVE

v3.31.61 CVE

v3.31.51 CVE

v3.31.41 CVE

v3.31.31 CVE

v3.31.21 CVE

v3.31.11 CVE

v3.31.01 CVE

v3.30.21 CVE

v3.30.11 CVE

v3.30.01 CVE

v3.29.61 CVE

Code Analysis

Analyzed Mar 16, 2026

Age Verification & Identity Verification by Token of Trust Code Analysis

Dangerous Functions

Raw SQL Queries

1 prepared

Unescaped Output

173

169 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

GuzzleSelect2

SQL Query Safety

33% prepared3 total queries

Output Escaping

49% escaped342 total outputs

Data Flows · Security

6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths

get_settings_page (Modules\Shared\Settings\Page.php:246)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

7 unprotected

Age Verification & Identity Verification by Token of Trust Attack Surface

Entry Points11

Unprotected7

AJAX Handlers 8

authwp_ajax_tot_quickstart_settingsadmin\class-quickstart.php:22

authwp_ajax_tot_verify_personapi\client-api-verify-person.php:83

noprivwp_ajax_tot_verify_personapi\client-api-verify-person.php:84

authwp_ajax_tot_wc_order_unquarantineintegrations\woocommerce\class-admin.php:38

authwp_ajax_tot_wc_email_reminderintegrations\woocommerce\class-admin.php:39

authwp_ajax_tot_woo_order_syncintegrations\woocommerce\class-admin.php:40

authwp_ajax_woocommerce_load_variationsintegrations\woocommerce\class-variation-sync.php:19

authwp_ajax_woocommerce_save_variationsintegrations\woocommerce\class-variation-sync.php:20

REST API Routes 1

POST/wp-json/tot/v1/check-verification-requiredintegrations\woocommerce\blocks\Block_Checkout.php:60

Shortcodes 2

[tot-reputation-status] Modules\Verification\Shared\shortcode-tot-reputation-status.php:20

[tot-wp-embed] Modules\Verification\Shared\shortcode-tot-wp-embed.php:3

WordPress Hooks 124

actionactivated_pluginadmin\class-plugin-updates.php:23

actiondeactivated_pluginadmin\class-plugin-updates.php:26

filterupgrader_pre_installadmin\class-plugin-updates.php:29

actionupgrader_process_completeadmin\class-plugin-updates.php:32

actioninitadmin\class-quickstart.php:17

actionwidgets_initadmin\class-webhooks.php:13

actiontot_webhook_successadmin\class-webhooks.php:14

actiontot_webhook_rejectedadmin\class-webhooks.php:15

actionwpadmin\class-webhooks.php:18

actionin_admin_headeradmin\embed-avoma-scheduler.php:13

actionadmin_initadmin\plugin-activation.php:15

actionadmin_initadmin\settings-page\fields.php:19

actionload-toplevel_page_totsettingsadmin\settings-page\fields.php:27

actionadmin_enqueue_scriptsadmin\settings-page\fields.php:372

actionadmin_menuadmin\settings-page\menu-item.php:3

actionadmin_enqueue_scriptsadmin\settings-page\menu-item.php:4

actionrest_api_initadmin\setup-wizard\class-setup-wizard.php:35

actionadmin_enqueue_scriptsadmin\setup-wizard\class-setup-wizard.php:45

filtermanage_users_columnsadmin\user-panels.php:6

filtermanage_users_custom_columnadmin\user-panels.php:7

actionshow_user_profileadmin\user-panels.php:8

actionedit_user_profileadmin\user-panels.php:9

actiontot_set_connection_successexamples\action--set-connection.php:13

actiontot_set_connection_failedexamples\action--set-connection.php:14

filtertot_set_connection_app_dataexamples\filter--set-connection-app-data.php:13

filtertot_is_verification_required_for_orderexamples\filter--wc-is_verification_required_for_order.php:13

filtertot_order_verification_dataexamples\filter--wc-order-verification-data.php:11

filtertot_verify_person_dataexamples\filter--wc-order-verification-data.php:12

filtertot_process_order_set_quarantineexamples\filter--wc-process-order-set-quarantine.php:15

filterblock_categories_allgutenberg-blocks\class-blocks-controller.php:15

actioninitgutenberg-blocks\class-blocks-controller.php:21

filterum_account_page_default_tabs_hookintegrations\ultimate-member\um_account_page.php:3

filterum_account_content_hook_verificationintegrations\ultimate-member\um_account_page.php:5

filterum_profile_tabsintegrations\ultimate-member\um_profile_page.php:6

actionadmin_menuintegrations\ultimate-member\um_settings_menu.php:5

actionadmin_initintegrations\ultimate-member\um_settings_menu.php:6

actionadmin_enqueue_scriptsintegrations\ultimate-member\um_settings_menu.php:7

actionplugins_loadedintegrations\woocommerce\abstract-product-sync.php:150

actioninitintegrations\woocommerce\abstract-product-sync.php:155

actionrest_api_initintegrations\woocommerce\blocks\Block_Checkout.php:34

actionwoocommerce_blocks_checkout_block_registrationintegrations\woocommerce\blocks\Block_Checkout.php:48

actionwoocommerce_store_api_cart_errorsintegrations\woocommerce\blocks\Block_Checkout.php:72

actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\blocks\Block_Checkout.php:83

actionwidgets_initintegrations\woocommerce\class-admin.php:18

actionbefore_woocommerce_initintegrations\woocommerce\class-admin.php:21

actionadd_meta_boxesintegrations\woocommerce\class-admin.php:36

actionadmin_enqueue_scriptsintegrations\woocommerce\class-admin.php:37

filtermanage_edit-shop_order_columnsintegrations\woocommerce\class-admin.php:46

actionmanage_shop_order_posts_custom_columnintegrations\woocommerce\class-admin.php:47

filtermanage_woocommerce_page_wc-orders_columnsintegrations\woocommerce\class-admin.php:50

actionmanage_woocommerce_page_wc-orders_custom_columnintegrations\woocommerce\class-admin.php:51

actionwp_enqueue_scriptsintegrations\woocommerce\class-checkout.php:63

filterwc_order_statusesintegrations\woocommerce\class-checkout.php:64

actionwoocommerce_review_order_before_submitintegrations\woocommerce\class-checkout.php:67

actionwoocommerce_checkout_processintegrations\woocommerce\class-checkout.php:68

actionwoocommerce_checkout_update_order_metaintegrations\woocommerce\class-checkout.php:72

actionwoocommerce_checkout_order_createdintegrations\woocommerce\class-checkout.php:73

actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:74

actionwoocommerce_order_status_changedintegrations\woocommerce\class-checkout.php:75

actionwoocommerce_before_template_partintegrations\woocommerce\class-checkout.php:77

filterbody_classintegrations\woocommerce\class-checkout.php:78

actiontot_webhook_successintegrations\woocommerce\class-checkout.php:81

actiontemplate_redirectintegrations\woocommerce\class-checkout.php:82

actionwoocommerce_checkout_update_order_reviewintegrations\woocommerce\class-checkout.php:89

actionwoocommerce_review_order_before_order_totalintegrations\woocommerce\class-checkout.php:90

actionwoocommerce_before_calculate_totalsintegrations\woocommerce\class-checkout.php:91

actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:92

actionwoocommerce_initintegrations\woocommerce\class-checkout.php:2385

actionadmin_initintegrations\woocommerce\class-checkout.php:2390

actionwpintegrations\woocommerce\class-checkout.php:2392

actionwoocommerce_cart_item_removedintegrations\woocommerce\class-checkout.php:2403

actionwoocommerce_add_to_cartintegrations\woocommerce\class-checkout.php:2404

actionwoocommerce_after_cart_item_quantity_updateintegrations\woocommerce\class-checkout.php:2405

actionwoocommerce_cart_calculate_feesintegrations\woocommerce\class-checkout.php:2408

actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2411

actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\class-checkout.php:2412

actionwoocommerce_order_payment_status_changedintegrations\woocommerce\class-checkout.php:2415

actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2417

actionwoocommerce_checkout_order_processedintegrations\woocommerce\class-checkout.php:2423

actionwoocommerce_store_api_checkout_order_processedintegrations\woocommerce\class-checkout.php:2424

actionwoocommerce_order_payment_status_changedintegrations\woocommerce\class-checkout.php:2427

actioninitintegrations\woocommerce\class-donations.php:96

actionwoocommerce_product_options_general_product_dataintegrations\woocommerce\class-product-sync.php:59

actionwoocommerce_admin_process_product_objectintegrations\woocommerce\class-product-sync.php:61

actionwoocommerce_product_options_general_product_dataintegrations\woocommerce\class-product-sync.php:66

actionwoocommerce_admin_process_product_objectintegrations\woocommerce\class-product-sync.php:68

filterwoocommerce_product_export_column_namesintegrations\woocommerce\class-product-sync.php:72

filterwoocommerce_product_export_product_default_columnsintegrations\woocommerce\class-product-sync.php:73

filterwoocommerce_csv_product_import_mapping_optionsintegrations\woocommerce\class-product-sync.php:88

filterwoocommerce_product_import_pre_insert_product_objectintegrations\woocommerce\class-product-sync.php:89

filterwoocommerce_csv_product_import_mapping_default_columnsintegrations\woocommerce\class-product-sync.php:90

actionwoocommerce_initintegrations\woocommerce\class-settings.php:19

actionadmin_menuintegrations\woocommerce\class-settings.php:27

actionadmin_noticesintegrations\woocommerce\class-settings.php:28

actionadmin_initintegrations\woocommerce\class-settings.php:29

actionwoocommerce_product_after_variable_attributesintegrations\woocommerce\class-variation-sync.php:28

actionwoocommerce_save_product_variationintegrations\woocommerce\class-variation-sync.php:29

actionwoocommerce_ajax_save_product_variationsintegrations\woocommerce\class-variation-sync.php:30

actionbefore_woocommerce_initintegrations\woocommerce\wc-admin.php:77

filtercron_schedulesintegrations\woocommerce\wc-cron.php:5

actioninitintegrations\woocommerce\wc-cron.php:18

actiontot_sync_ordersintegrations\woocommerce\wc-cron.php:28

actioninitintegrations\woocommerce\woocommerce.php:33

actionadmin_enqueue_scriptsModules\Shared\Settings\Page.php:143

actiontot_webhook_successModules\Shared\Settings.php:35

actionadmin_initModules\Tax\token-of-trust-taxes.php:36

actionadmin_noticesModules\Tax\token-of-trust-taxes.php:54

actioninitModules\Verification\Shared\cron.php:6

actiontot_get_faq_pageModules\Verification\Shared\cron.php:17

actionshutdownModules\Verification\Shared\Debugger.php:43

actionshutdownModules\Verification\Shared\Debugger.php:46

actionadmin_noticesModules\Verification\Shared\flash-notice-queue.php:58

actionwp_headersModules\Verification\Shared\shortcode-tot-reputation-status.php:8

actionwidgets_initModules\Verification\Shared\tot-request-utils.php:6

actionwp_loadedModules\Verification\Shared\tot-request-utils.php:7

actiontemplate_redirectModules\Verification\Shared\verification_requirements.php:9

actionwp_footerModules\Verification\Shared\verification_requirements.php:10

actionwidgets_initModules\Verification\Shared\verification_requirements.php:18

actionplugins_loadedtoken-of-trust.php:62

actioninittoken-of-trust.php:84

filterauto_update_pluginupgrades\detection.php:23

actionadmin_initupgrades\detection.php:47

actionadmin_noticesupgrades\detection.php:105

actionuser_registerusers\new-user-tot-connection.php:3

Scheduled Events 2

tot_sync_orders

tot_get_faq_page

Maintenance & Trust

Age Verification & Identity Verification by Token of Trust Maintenance & Trust

Maintenance Signals

WordPress version tested7.0.0

Last updatedApr 14, 2026

PHP min version7.2.5

Downloads45K

Community Trust

Rating86/100

Number of ratings15

Active installs50

Alternatives

Age Verification & Identity Verification by Token of Trust Alternatives

Didit Verify

didit-verify

100

Add identity verification to any WordPress page or WooCommerce checkout using Didit.

10 No CVEs

Konfirmi Plugin

konfirmi

KONFIRMI allows you to easily and automatically verify your customer's age, ID, address, and other information.

10 No CVEs

iDenfy for WooCommerce

idenfy-for-woocommerce

100

Add identity verification to your WooCommerce store. Verify customers before checkout with ID checks — powered by iDenfy.

0 No CVEs

Age Gate

age-gate

A plugin to check the age of a visitor before view site or specified content

40K 5 CVEs

Age Gate Lite

age-gate-lite

A lightweight, customisable age gate to lock content from younger audience.

2K No CVEs

Developer Profile

Age Verification & Identity Verification by Token of Trust Developer Profile

Token of Trust

1 plugin · 50 total installs

trust score

Avg Security Score

97/100

Avg Patch Time

1 days

View full developer profile

Detection Fingerprints

How We Detect Age Verification & Identity Verification by Token of Trust

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/token-of-trust/token-of-trust.css/wp-content/plugins/token-of-trust/token-of-trust.js/wp-content/plugins/token-of-trust/Modules/Shared/Assets/tot-error-log.js/wp-content/plugins/token-of-trust/analytics/build/analyticsTracker.bundle.js/wp-content/plugins/token-of-trust/admin/plugin-deactivation/assets/scripts/plugin-deactivation.js

Script Paths

/wp-content/plugins/token-of-trust/token-of-trust.js/wp-content/plugins/token-of-trust/Modules/Shared/Assets/tot-error-log.js/wp-content/plugins/token-of-trust/analytics/build/analyticsTracker.bundle.js/wp-content/plugins/token-of-trust/admin/plugin-deactivation/assets/scripts/plugin-deactivation.js

Version Parameters

token-of-trust.css?ver=token-of-trust.js?ver=tot-error-log.js?ver=analyticsTracker.bundle.js?ver=plugin-deactivation.js?ver=

HTML / DOM Fingerprints

CSS Classes

tot-taxes-notice

Data Attributes

data-tot-hostdata-tot-versiondata-tot-app-domaindata-tot-rest-urldata-tot-noncedata-tot-app-user-email+1 more

JS Globals

totObjtotPluginDeactivationData

REST Endpoints

/wp-json/tot/v1/webhooks/wp-json/tot/v1/client-api/verify-person

FAQ

Age Verification & Identity Verification by Token of Trust Security & Risk Analysis

Is Age Verification & Identity Verification by Token of Trust Safe to Use in 2026?

Generally Safe

Key Concerns

Age Verification & Identity Verification by Token of Trust Security Vulnerabilities

CVEs by Year

Severity Breakdown

Age Verification & Identity Verification by Token of Trust Release Timeline

Age Verification & Identity Verification by Token of Trust Code Analysis

Bundled Libraries

SQL Query Safety

Output Escaping

Data Flow Analysis

Age Verification & Identity Verification by Token of Trust Attack Surface

AJAX Handlers 8

REST API Routes 1

Shortcodes 2

Scheduled Events 2

Age Verification & Identity Verification by Token of Trust Maintenance & Trust

Maintenance Signals

Community Trust

Age Verification & Identity Verification by Token of Trust Alternatives

Didit Verify

Konfirmi Plugin

iDenfy for WooCommerce

Age Gate

Age Gate Lite

Age Verification & Identity Verification by Token of Trust Developer Profile

How We Detect Age Verification & Identity Verification by Token of Trust

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Age Verification & Identity Verification by Token of Trust