19 matches found
CVE-2026-12083
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
CVE-2026-12083 Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
The Admin and Site Enhancements ASE WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted...
CVE-2026-32423
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...
EUVD-2026-11951
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...
CVE-2026-32423 WordPress Admin and Site Enhancements (ASE) plugin <= 8.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.4.0...
CVE-2026-32423
The CVE-2026-32423 entry concerns the WordPress Admin and Site Enhancements (ASE) plugin, version
CVE-2025-64255
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...
CVE-2025-64255
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...
CVE-2025-64255 WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...
CVE-2025-64255 WordPress Admin and Site Enhancements (ASE) plugin <= 8.0.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Bowo Admin and Site Enhancements ASE admin-site-enhancements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin and Site Enhancements ASE: from n/a through = 8.0.8...
CVE-2025-64255
Technical details for CVE-2025-64255 are not provided in the supplied documents. No information on affected versions, root cause, exploit scenarios, or fixes. Monitor for updates from official advisories and connected sources.
EUVD-2025-30407
Malicious code in bioql PyPI...
CVE-2025-9487
The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...
CVE-2025-9487 Admin and Site Enhancements < 7.9.8 - Authenticated Stored XSS via SVG
The Admin and Site Enhancements ASE WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads...
PT-2025-38690
Name of the Vulnerable Software and Affected Versions Admin and Site Enhancements ASE WordPress plugin versions prior to 7.9.8 Description The software does not properly sanitize SVG files when uploaded through the xmlrpc.php file, if SVG uploads are enabled. This could allow an attacker to uploa...
CVE-2024-13685
The Admin and Site Enhancements ASE WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements ASE WordPress plugin before 7.6.10...
CVE-2025-24648
CVE-2025-24648 affects WordPress Admin and Site Enhancements (ASE) plugin versions n/a through 7.6.2.1. The issue is an Incorrect Privilege Assignment that allows Privilege Escalation, with CVSS v3.1 base score 7.5 ( HIGH ) and network attack vector, high complexity, low privileges required, no u...
PT-2025-5473 · Unknown · Admin/Site Enhancements
Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements ASE versions n/a through 7.6.2 Description: The issue is related to a Missing Authorization vulnerability, allowing the exploitation of incorrectly configured access control security levels. Recommendations: For...
WordPress plugin Admin and Site Enhancements 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...