Unauthenticated Cross-Site Scripting Vulnerability in Admin and Site Enhancements Pro by WordPress
CVE-2026-57625

9.6CRITICAL

What is CVE-2026-57625?

An unauthenticated Cross-Site Scripting (XSS) vulnerability exists in the Admin and Site Enhancements (ASE) Pro plugin for WordPress, affecting versions 8.8.5 and earlier. This security flaw allows attackers to inject malicious scripts, potentially compromising user data and site integrity when unsuspecting users interact with the affected areas. Website administrators and users should take immediate action to secure their installations by updating to the latest version, thereby mitigating this vulnerability.

Affected Version(s)

Admin and Site Enhancements (ASE) Pro <= 8.8.5

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ba Khanh | Patchstack Bug Bounty Program
.