Age Verification - Reflected cross-site scripting (XSS)
Summary
Full name
Age Verification for your checkout page. Verify your customer's identity 1.20.0 - Reflected cross-site scripting (XSS)
Code name
State
Public
Release date
18 feb 2025
Affected product
Age Verification for your checkout page. Verify your customer's identity
Affected version(s)
Version 1.20.0
Vulnerability name
Reflected cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
No
CVSS v3.1 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVSS v3.1 base score
4.3
Exploit available
No
CVE ID(s)
Description
Age Verification for your checkout page. Verify your customer's identity 1.20.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/class-wc-integration-agechecker-integration.php.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in Age Verification for your checkout page. Verify your customer's identity 1.20.0. The following is the output of the tool:
Skims output
Our security policy
We have reserved the ID CVE-2025-22622 to refer to this issue from now on.
System Information
Version: Age Verification for your checkout page. Verify your customer's identity 1.20.0
Mitigation
The version 1.20.1 contains the patched version of the plugin.
Timeline
Vulnerability discovered
6 dic 2024
Vendor contacted
10 feb 2025
Vulnerability patched
11 feb 2025
Public disclosure
18 feb 2025