Does XYZ Age Verification have any unpatched vulnerabilities?

No. All known vulnerabilities in XYZ Age Verification have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is XYZ Age Verification compatible with WordPress 6.9.4?

According to WordPress.org data, XYZ Age Verification 2.5.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is XYZ Age Verification compatible with PHP 7.4+?

XYZ Age Verification requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is XYZ Age Verification updated?

XYZ Age Verification was last updated on Mar 15, 2026. Frequent updates are generally a positive security signal.

What is XYZ Age Verification's security score?

XYZ Age Verification has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

XYZ Age Verification Security & Risk Analysis

wordpress.org/plugins/xyz-age-verification-free

Real age verification for WordPress — biometric liveness detection and government ID verification, not just a checkbox.

0 active installs v2.5.0 PHP 7.4+ WP 5.6+ Updated Mar 15, 2026

adult-contentage-checkage-gateage-verificationliveness-detection

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is XYZ Age Verification Safe to Use in 2026?

Generally Safe

Score 100/100

XYZ Age Verification has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 20d ago

Risk Assessment

The "xyz-age-verification-free" plugin v2.5.0 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, SQL queries that are all prepared, a high percentage of properly escaped outputs, and the presence of nonce and capability checks on all identified AJAX handlers are significant strengths. The plugin also has no recorded vulnerabilities, which is highly positive.

However, a few areas warrant attention. The taint analysis revealed two flows with unsanitized paths, which, while not classified as critical or high severity in this report, could potentially be exploited if specific conditions are met. The presence of 21 external HTTP requests is also a notable aspect; while not inherently a vulnerability, it increases the plugin's reliance on external services and can introduce potential risks if those services are compromised or misconfigured.

Overall, the plugin demonstrates good security practices, particularly in input validation and output sanitization, and a clean vulnerability history. The main area of concern lies in the identified unsanitized paths, which should be thoroughly investigated. The large number of external HTTP requests, while not a direct flaw, represents a point of increased attack surface that should be monitored.

Key Concerns

Flows with unsanitized paths detected
High number of external HTTP requests

Vulnerabilities

None known

XYZ Age Verification Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 17, 2026

XYZ Age Verification Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

69 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

93% escaped74 total outputs

Data Flows

2 unsanitized

Data Flow Analysis

4 flows2 with unsanitized paths

xyzav_age_gate_redirect (mu-plugin\xyz-age-gate-redirect.php:68)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

XYZ Age Verification Attack Surface

Entry Points11

Unprotected0

AJAX Handlers 8

authwp_ajax_xyzav_start_sessionxyz-age-verification-free.php:99

noprivwp_ajax_xyzav_start_sessionxyz-age-verification-free.php:100

authwp_ajax_xyzav_poll_sessionxyz-age-verification-free.php:103

noprivwp_ajax_xyzav_poll_sessionxyz-age-verification-free.php:104

authwp_ajax_xyzav_fetch_cookie_keyxyz-age-verification-free.php:107

authwp_ajax_xyzav_free_registerxyz-age-verification-free.php:110

authwp_ajax_xyzav_free_infoxyz-age-verification-free.php:113

authwp_ajax_xyzav_free_transfer_urlxyz-age-verification-free.php:114

Shortcodes 3

[xyzav_age_verify] xyz-age-verification-free.php:83

[xyzav_return_url_input] xyz-age-verification-free.php:84

[xyzav_return_url] xyz-age-verification-free.php:85

WordPress Hooks 7

actioninitxyz-age-verification-free.php:80

actionwp_enqueue_scriptsxyz-age-verification-free.php:88

actionadmin_menuxyz-age-verification-free.php:91

actionadmin_initxyz-age-verification-free.php:92

actionadmin_enqueue_scriptsxyz-age-verification-free.php:93

actionadmin_noticesxyz-age-verification-free.php:96

actionrest_api_initxyz-age-verification-free.php:117

Maintenance & Trust

XYZ Age Verification Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 15, 2026

PHP min version7.4

Downloads98

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

XYZ Age Verification Alternatives

Easy Age Verify

easy-age-verify

Age restricts adult only, vape or alcohol sites with a fullscreen popup window. Quick turnkey setup with customization and translation options.

1K 1 CVE

Advanced Age Verification Popup

advanced-age-verification-popup

100

Add an age verification popup with Yes/No and Date of Birth check for WooCommerce or adult sites.

50 No CVEs

Age Gate

age-gate

A plugin to check the age of a visitor before view site or specified content

40K 5 CVEs

Age Gate Lite

age-gate-lite

A lightweight, customisable age gate to lock content from younger audience.

2K No CVEs

Age Verification Screen for WooCommerce

age-verification-screen-for-woocommerce

Easily add a customizable age verification screen to your store.

300 No CVEs

Developer Profile

XYZ Age Verification Developer Profile

xyzageverify

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect XYZ Age Verification

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/xyz-age-verification-free/assets/css/age-gate.css/wp-content/plugins/xyz-age-verification-free/assets/js/qrcode.min.js/wp-content/plugins/xyz-age-verification-free/assets/js/age-gate.js/wp-content/plugins/xyz-age-verification-free/assets/js/settings-admin.js

Version Parameters

xyz-age-verification-free/assets/css/age-gate.css?ver=xyz-age-verification-free/assets/js/qrcode.min.js?ver=xyz-age-verification-free/assets/js/age-gate.js?ver=xyz-age-verification-free/assets/js/settings-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

xyzav-age-gate-wrapperxyzav-age-gate-headerxyzav-age-gate-titlexyzav-age-gate-contentxyzav-age-gate-qr-codexyzav-age-gate-buttonxyzav-age-gate-status

HTML Comments

Data Attributes

data-xyzav-api-urldata-xyzav-verify-urldata-xyzav-cookie-name

JS Globals

xyzAvSettingsXYZAV_ADMIN_OBJECT

REST Endpoints

/wp-json/xyzav/v1/free-plan/register/wp-json/xyzav/v1/free-plan/info/wp-json/xyzav/v1/free-plan/transfer-url

Shortcode Output

[xyzav_age_verify][xyzav_return_url_input][xyzav_return_url]

FAQ