Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for admin-site-enhancements-pro by Unknown

    CVE-2026-12083 (GCVE-0-2026-12083)

    Vulnerability from nvd – Published: 2026-07-06 06:00 – Updated: 2026-07-06 06:00
    VLAI
    Title
    Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/a0c94f7f-6314-4f… exploitvdb-entrytechnical-description
    Impacted products
    Credits
    Revanth Hari Narayana Matte WPScan
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "8.8.4",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "admin-site-enhancements-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "8.8.4",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Revanth Hari Narayana Matte"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T06:00:02.042Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/a0c94f7f-6314-4ff2-bb92-ec02146975ff/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements \u003c 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2026-12083",
        "datePublished": "2026-07-06T06:00:02.042Z",
        "dateReserved": "2026-06-12T13:04:18.229Z",
        "dateUpdated": "2026-07-06T06:00:02.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-12083 (GCVE-0-2026-12083)

    Vulnerability from cvelistv5 – Published: 2026-07-06 06:00 – Updated: 2026-07-06 06:00
    VLAI
    Title
    Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
    Severity
    No CVSS data available.
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/a0c94f7f-6314-4f… exploitvdb-entrytechnical-description
    Impacted products
    Credits
    Revanth Hari Narayana Matte WPScan
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "8.8.4",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "admin-site-enhancements-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "8.8.4",
                  "status": "affected",
                  "version": "7.6.3",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Revanth Hari Narayana Matte"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-269 Improper Privilege Management",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-06T06:00:02.042Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/a0c94f7f-6314-4ff2-bb92-ec02146975ff/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements \u003c 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2026-12083",
        "datePublished": "2026-07-06T06:00:02.042Z",
        "dateReserved": "2026-06-12T13:04:18.229Z",
        "dateUpdated": "2026-07-06T06:00:02.042Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }