Lucene search
+L

19 matches found

nvd
nvd
added 2026/07/06 8:16 a.m.7 views

CVE-2026-12083

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

8.1CVSS0.00295EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/06 6:0 a.m.35 views

CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...

0.00295EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/03/26 3:17 p.m.6 views

CVE-2026-32423

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
euvd
euvd
added 2026/03/13 9:31 p.m.4 views

EUVD-2026-11951

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...

5.4CVSS5.8AI score0.00168EPSS
Exploits0References2
cvelist
cvelist
added 2026/03/13 11:42 a.m.28 views

CVE-2026-32423 WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...

5.4CVSS0.00168EPSS
Exploits0References1
cve
cve
added 2026/03/13 11:42 a.m.10 views

CVE-2026-32423

The CVE-2026-32423 entry concerns the WordPress Admin and Site Enhancements (ASE) plugin, version

5.4CVSS5.8AI score0.00168EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/12/10 2:22 p.m.8 views

CVE-2025-64255

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...

2.7CVSS6.9AI score0.00265EPSS
Exploits0References1
nvd
nvd
added 2025/12/09 4:18 p.m.6 views

CVE-2025-64255

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...

2.7CVSS0.00265EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/12/09 2:13 p.m.3 views

CVE-2025-64255 WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...

2.7CVSS6.5AI score0.00265EPSS
Exploits0References1
cvelist
cvelist
added 2025/12/09 2:13 p.m.33 views

CVE-2025-64255 WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...

2.7CVSS0.00265EPSS
Exploits0References1
cve
cve
added 2025/12/09 2:13 p.m.15 views

CVE-2025-64255

Technical details for CVE-2025-64255 are not provided in the supplied documents. No information on affected versions, root cause, exploit scenarios, or fixes. Monitor for updates from official advisories and connected sources.

2.7CVSS6.5AI score0.00265EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30407

Malicious code in bioql PyPI...

4.7CVSS6.4AI score0.00217EPSS
Exploits0References2
redhatcve
redhatcve
added 2025/09/24 6:34 a.m.9 views

CVE-2025-9487

The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...

4.7CVSS6.2AI score0.00217EPSS
Exploits0References1
cvelist
cvelist
added 2025/09/22 6:0 a.m.14 views

CVE-2025-9487 Admin and Site Enhancements < 7.9.8 - Authenticated Stored XSS via SVG

The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...

0.00217EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/09/22 12:0 a.m.6 views

PT-2025-38690

Name of the Vulnerable Software and Affected Versions Admin and Site Enhancements ASE WordPress plugin versions prior to 7.9.8 Description The software does not properly sanitize SVG files when uploaded through the xmlrpc.php file, if SVG uploads are enabled. This could allow an attacker to uploa...

4.7CVSS5.7AI score0.00217EPSS
Exploits0References3
osv
osv
added 2025/03/04 6:15 a.m.3 views

CVE-2024-13685

The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...

5.3CVSS7.3AI score0.00338EPSS
Exploits1References1
cve
cve
added 2025/02/04 2:21 p.m.61 views

CVE-2025-24648

CVE-2025-24648 affects WordPress Admin and Site Enhancements (ASE) plugin versions n/a through 7.6.2.1. The issue is an Incorrect Privilege Assignment that allows Privilege Escalation, with CVSS v3.1 base score 7.5 ( HIGH ) and network attack vector, high complexity, low privileges required, no u...

7.5CVSS7.4AI score0.00378EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2025/01/24 12:0 a.m.12 views

PT-2025-5473 · Unknown · Admin/Site Enhancements

Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements ASE versions n/a through 7.6.2 Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For...

4.3CVSS7AI score0.00366EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/11/12 12:0 a.m.4 views

WordPress plugin Admin and Site Enhancements 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS7.5AI score0.00306EPSS
Exploits0References3
Rows per page
Query Builder