CVE-2012-6499

NUCLEI

Age Verification < 0.4 - Open Redirect via redirect_to Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2012-6499. PoCs published by Gianluca Brindisi. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates an open redirect vulnerability in the WordPress Age Verification plugin <= 0.4. It allows attackers to redirect users to arbitrary URLs via GET or POST requests, potentially facilitating phishing or other malicious activities.

Description

Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Gianluca Brindisi · textwebappsphp

https://www.exploit-db.com/exploits/18350

View Code ZIP pw:eip

This exploit demonstrates an open redirect vulnerability in the WordPress Age Verification plugin <= 0.4. It allows attackers to redirect users to arbitrary URLs via GET or POST requests, potentially facilitating phishing or other malicious activities.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WordPress Age Verification plugin <= 0.4

No auth needed

Prerequisites: Access to the vulnerable plugin endpoint

MITRE ATT&CK

T1204.001 - Malicious Link

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Gianluca Brindisi · textwebappsphp

https://www.exploit-db.com/exploits/36540

View Code ZIP pw:eip

The exploit describes a URI-redirection vulnerability in the WordPress Age Verification plugin due to improper input sanitization. An attacker can craft a malicious URL to redirect users to an arbitrary site, aiding in phishing attacks.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WordPress Age Verification plugin 0.4 and prior

No auth needed

Prerequisites: Access to the vulnerable WordPress plugin endpoint

MITRE ATT&CK

T1505 - Server Software Component T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

WordPress Plugin Age Verification v0.4 - Open Redirect

MEDIUMby ctflearner

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51357

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18350

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/82584

Scores

EPSS 0.4640

EPSS Percentile 97.7%

Details

CWE

CWE-20

Status published

Products (1)

age_verification_project/age_verification < 0.4

Published Jan 12, 2013

Tracked Since Feb 18, 2026