Vulnerabilities and security researches foradmin-site-enhancements admin-site-enhancements

Jun 07, 2024

CVE, Research URL: CVE-2023-46630
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Jun 04, 2024
Research Description: Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
Affected versions: Min -, max -.
Status: vulnerable

Nov 14, 2024

CVE, Research URL: CVE-2024-10790
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Nov 12, 2024
Research Description: The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable.
Affected versions: Min -, max -.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24649
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Jan 24, 2025
Research Description: Missing Authorization vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.
Affected versions: Min -, max -.
Status: vulnerable

Feb 06, 2025

CVE, Research URL: CVE-2025-24648
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Feb 04, 2025
Research Description: Admin and Site Enhancements (ASE) [admin-site-enhancements] < 7.6.3 CVE-2025-24648 [en] Incorrect Privilege Assignment vulnerability in wpase.com Admin and Site Enhancements (ASE) allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n/a through 7.6.2.1.
Affected versions: Min -, max -.
Status: vulnerable

Mar 06, 2025

CVE, Research URL: CVE-2024-13685
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Mar 04, 2025
Research Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
Affected versions: Min -, max -.
Status: vulnerable

Apr 30, 2025

CVE, Research URL: CVE-2024-13688
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Apr 28, 2025
Research Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
Affected versions: Min -, max -.
Status: vulnerable