Missing Authorization Vulnerability in Admin and Site Enhancements by wpase.com
CVE-2025-24649
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 24 January 2025
What is CVE-2025-24649?
A missing authorization vulnerability in the Admin and Site Enhancements (ASE) plugin for WordPress can allow attackers to exploit misconfigured access control levels. This issue could lead to unauthorized access to sensitive administrative functionalities, potentially compromising site integrity and user data. Affected versions range from n/a to 7.6.2, urging users to evaluate their configurations and apply any necessary updates.
Affected Version(s)
Admin and Site Enhancements (ASE) <= 7.6.2