Skip to main content

Admin And Site Enhancements Ase Pro

1 CVEs product

Monthly

CVE-2026-57625 CRITICAL Act Now

Stored/reflected cross-site scripting in the Admin and Site Enhancements (ASE) Pro WordPress plugin (versions 8.8.5 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser once they view the affected page or follow a crafted link. Because the flaw requires no authentication and carries a scope-changing CVSS 3.1 score of 9.6, a single successful lure can lead to admin session hijacking and full site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Admin And Site Enhancements Ase Pro
NVD
CVSS 3.1
9.6
EPSS
0.3%
EPSS 0% CVSS 9.6
CRITICAL Act Now

Stored/reflected cross-site scripting in the Admin and Site Enhancements (ASE) Pro WordPress plugin (versions 8.8.5 and earlier) allows unauthenticated remote attackers to inject malicious scripts that execute in a victim's browser once they view the affected page or follow a crafted link. Because the flaw requires no authentication and carries a scope-changing CVSS 3.1 score of 9.6, a single successful lure can lead to admin session hijacking and full site takeover. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Admin And Site Enhancements Ase Pro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy