cleantalk
Vulnerabilities and Security Researches

Admin and Site Enhancements (ASE), CVE-2025-9487

CVE, Research URL

CVE-2025-9487

Home page URL

Security reports for Admin and Site Enhancements (ASE)

Application

Admin and Site Enhancements (ASE)

Published on
Sep 22, 2025
Research Description
The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads
Affected versions
max 7.9.8.
Status
vulnerable
Previous vulnerability researches
Web Application Firewall – website security (CVE-2022-4539) , Sep 02, 2024
Web Application Firewall – website security (CVE-2024-2172) , Jun 07, 2024
New vulnerability
Quran Live Multilanguage (CVE-2026-4074) , Apr 24, 2026
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-58269) , Apr 24, 2026
AnyClip Luminous Studio (CVE-2025-58271) , Apr 24, 2026
Getwid – Gutenberg Blocks (CVE-2025-58252) , Apr 24, 2026
Admin and Site Enhancements (ASE) (CVE-2025-9487) , Apr 24, 2026