Vulnerabilities and security researches foradmin-site-enhancements admin-site-enhancements

Jun 25, 2026

PSC, Research URL: PSC-2026-64673
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Jun 25, 2026
Research Description: Administrative enhancement plugins concentrate many privileged controls in one interface, including editor behavior, media tools, SMTP settings, menu changes, and site management modules. That makes them efficient for administrators, but also security-sensitive because broad settings can affect core WordPress behavior. Admin and Site Enhancements (ASE) version 8.8.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64673, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for admin module controls, privileged settings, custom site behavior, and WordPress management workflows.
Affected versions: Min 8.8.5, max 8.8.5.
Status: SAFE & CERTIFIED

Apr 24, 2026

CVE, Research URL: CVE-2025-9487
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Sep 22, 2025
Research Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads
Affected versions: max 7.9.8.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2026-32423
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Mar 14, 2026
Research Description: Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.4.0.
Affected versions: max 8.4.1.
Status: vulnerable

Jan 09, 2026

CVE, Research URL: CVE-2025-64255
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Dec 09, 2025
Research Description: Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 8.0.8.
Affected versions: max 8.1.0.
Status: vulnerable

May 07, 2025

CVE, Research URL: CVE-2024-43333
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Feb 03, 2025
Research Description: Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.2.1.
Affected versions: max 7.6.3.
Status: vulnerable

Apr 30, 2025

CVE, Research URL: CVE-2024-13688
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Apr 28, 2025
Research Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
Affected versions: max 7.6.10.
Status: vulnerable

Mar 06, 2025

CVE, Research URL: CVE-2024-13685
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Mar 04, 2025
Research Description: The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
Affected versions: max 7.6.10.
Status: vulnerable

Feb 06, 2025

CVE, Research URL: CVE-2025-24648
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Feb 04, 2025
Research Description: Incorrect Privilege Assignment vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Privilege Escalation.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 7.6.2.1.
Affected versions: max 7.6.3.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24649
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Jan 24, 2025
Research Description: Missing Authorization vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements (ASE): from n/a through <= 7.6.2.
Affected versions: max 7.6.3.
Status: vulnerable

Nov 14, 2024

CVE, Research URL: CVE-2024-10790
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Nov 12, 2024
Research Description: The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable.
Affected versions: max 7.5.2.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-46630
Home page URL: Security reports for Admin and Site Enhancements (ASE)
Application: Admin and Site Enhancements (ASE)
Date: Jun 04, 2024
Research Description: Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
Affected versions: max 5.8.0.
Status: vulnerable