VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Feb 27, 2026

Admin and Site Enhancements (ASE) Vulnerabilities

Review known vulnerability records for the WordPress plugin Admin and Site Enhancements (ASE) (`admin-site-enhancements`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-32423, CVE-2025-64255 and CVE-2025-9487, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
2
Patch Coverage
100%
Last Updated
Apr 15, 2026
Priority CVE Quick Links

Fast paths into Admin and Site Enhancements (ASE) CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
9
CVE-2024-43333 High 7.6.3
CVE-2024-43333 Admin and Site Enhancements (ASE) Privilege Escalation

Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation

CVE-2023-46630 High 5.8.0
CVE-2023-46630 Admin and Site Enhancements (ASE) Vulnerability

Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass

CVE-2025-9487 Medium 7.9.8
CVE-2025-9487 Admin and Site Enhancements (ASE) File Upload

Admin and Site Enhancements <= 7.9.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

CVE-2024-10790 Medium 7.5.2
CVE-2024-10790 Admin and Site Enhancements (ASE) File Upload

Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG

CVE-2024-13688 Medium 7.6.10
CVE-2024-13688 Admin and Site Enhancements (ASE) Vulnerability

Admin and Site Enhancements (ASE) <= 7.6.9 - Password Protection Bypass

CVE-2024-13685 Medium 7.6.10
CVE-2024-13685 Admin and Site Enhancements (ASE) Vulnerability

Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass

CVE-2026-32423 Medium 8.4.1
CVE-2026-32423 Admin and Site Enhancements (ASE) Vulnerability

Admin and Site Enhancements (ASE) <= 8.4.0 - Missing Authorization

CVE-2025-64255 Medium 8.1.0
CVE-2025-64255 Admin and Site Enhancements (ASE) Vulnerability

Admin and Site Enhancements (ASE) <= 8.0.8 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Admin and Site Enhancements (ASE) so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
9 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 2 high severity findings.
Recent CVEs
CVE-2026-32423, CVE-2025-64255 and CVE-2025-9487
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Admin and Site Enhancements (ASE)

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-32423
CVE-2026-32423: Admin and Site Enhancements (ASE) <= 8.4.0 - Missing Authorization

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 8.4.0. This makes it possible for authenticated attackers, with contributor-level access and above, to...

Published
Feb 27, 2026
Patched Release
8.4.1
Affected Versions
Versions up to 8.4.0
Next Step
Update to 8.4.1 or newer if supported.
Open CVE-2026-32423 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-64255
CVE-2025-64255: Admin and Site Enhancements (ASE) <= 8.0.8 - Missing Authorization

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 8.0.8. This makes it possible for authenticated attackers, with Author-level access and above, to...

Published
Dec 15, 2025
Patched Release
8.1.0
Affected Versions
Versions up to 8.0.8
Next Step
Update to 8.1.0 or newer if supported.
Open CVE-2025-64255 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-9487
CVE-2025-9487: Admin and Site Enhancements <= 7.9.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published
Sep 01, 2025
Patched Release
7.9.8
Affected Versions
Versions up to 7.9.7
Next Step
Update to 7.9.8 or newer if supported.
Open CVE-2025-9487 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13688
CVE-2024-13688: Admin and Site Enhancements (ASE) <= 7.6.9 - Password Protection Bypass

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Password Protection Bypass in all versions up to, and including, 7.6.9. This is due to the plugin using a hardcoded password for password protection. This makes it possible for unauthenticated attackers t...

Published
Apr 07, 2025
Patched Release
7.6.10
Affected Versions
Versions up to 7.6.9
Next Step
Update to 7.6.10 or newer if supported.
Open CVE-2024-13688 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-13685
CVE-2024-13685: Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 7.6.9 due to insufficient IP address validation. This makes it possible for unauthenticated attackers to bypass login limit restrictions.

Published
Feb 11, 2025
Patched Release
7.6.10
Affected Versions
Versions up to 7.6.9
Next Step
Update to 7.6.10 or newer if supported.
Open CVE-2024-13685 Report Open CVE Reference
Plugin High Patched: Yes CVE-2024-43333
CVE-2024-43333: Admin and Site Enhancements (ASE) Pro <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation

The Admin and Site Enhancements (ASE) Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 7.6.2.1. This is due to the plugin not properly restricting user's ability to utilize the “View Admin as Role” feature. This makes it possibl...

Published
Feb 03, 2025
Patched Release
7.6.3
Affected Versions
Versions up to 7.6.2.1
Next Step
Update to 7.6.3 or newer if supported.
Open CVE-2024-43333 Report Open CVE Reference
Plugin Low Patched: Yes CVE-2025-24649
CVE-2025-24649: Admin and Site Enhancements (ASE) <= 7.6.2 - Missing Authorization

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 7.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above,...

Published
Jan 24, 2025
Patched Release
7.6.3
Affected Versions
Versions up to 7.6.2
Next Step
Update to 7.6.3 or newer if supported.
Open CVE-2025-24649 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-10790
CVE-2024-10790: Admin and Site Enhancements (ASE) <= 7.5.1 - Authenticated Stored Cross-Site Scripting via SVG

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published
Nov 11, 2024
Patched Release
7.5.2
Affected Versions
Versions up to 7.5.1
Next Step
Update to 7.5.2 or newer if supported.
Open CVE-2024-10790 Report Open CVE Reference
Plugin High Patched: Yes CVE-2023-46630
CVE-2023-46630: Admin and Site Enhancements (ASE) <= 5.7.1 - Password Protection Mode Security Feature Bypass

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybe_process_login function. This makes it possible for unauthenticated at...

Published
Oct 25, 2023
Patched Release
5.8.0
Affected Versions
Versions up to 5.7.1
Next Step
Update to 5.8.0 or newer if supported.
Open CVE-2023-46630 Report Open CVE Reference