Admin And Site Enhancements Ase Pro
Monthly
Stored/reflected cross-site scripting in the Admin and Site Enhancements (ASE) Pro WordPress plugin (versions 8.8.5 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser once they view the affected page or follow a crafted link. Because the flaw requires no authentication and carries a scope-changing CVSS 3.1 score of 9.6, a single successful lure can lead to admin session hijacking and full site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.
Stored/reflected cross-site scripting in the Admin and Site Enhancements (ASE) Pro WordPress plugin (versions 8.8.5 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser once they view the affected page or follow a crafted link. Because the flaw requires no authentication and carries a scope-changing CVSS 3.1 score of 9.6, a single successful lure can lead to admin session hijacking and full site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.