Unauthenticated Cross-Site Scripting Vulnerability in Admin and Site Enhancements Pro by WordPress
CVE-2026-57625
9.6CRITICAL
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 2 July 2026
What is CVE-2026-57625?
An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Admin and Site Enhancements (ASE) Pro plugin for WordPress, affecting versions 8.8.5 and earlier. This security flaw allows attackers to inject malicious scripts, potentially compromising user data and site integrity when unsuspecting users interact with the affected areas. Website administrators and users should take immediate action to secure their installations by updating to the latest version, thereby mitigating this vulnerability.
Affected Version(s)
Admin and Site Enhancements (ASE) Pro <= 8.8.5
References
CVSS V3.1
Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nguyen Ba Khanh | Patchstack Bug Bounty Program