cleantalk
Vulnerabilities and Security Researches

Admin and Site Enhancements (ASE), CVE-2025-9487

CVE, Research URL

CVE-2025-9487

Home page URL

Security reports for Admin and Site Enhancements (ASE)

Application

Admin and Site Enhancements (ASE)

Published on
Sep 22, 2025
Research Description
The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads
Affected versions
max 7.9.8.
Status
vulnerable
Previous vulnerability researches
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2023-45002) , Jun 10, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2021-24649) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2021-25076) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2023-47682) , Jun 07, 2024
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2025-58672) , Oct 12, 2025
New vulnerability
Coil Web Monetization (CVE-2025-9625) , Apr 24, 2026
Quran Live Multilanguage (CVE-2026-4074) , Apr 24, 2026
WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts (CVE-2025-58269) , Apr 24, 2026
AnyClip Luminous Studio (CVE-2025-58271) , Apr 24, 2026
Getwid – Gutenberg Blocks (CVE-2025-58252) , Apr 24, 2026