Search

Find a vulnerability

Search criteria

    6 vulnerabilities by wpase

    CVE-2024-13688 (GCVE-0-2024-13688)

    Vulnerability from nvd – Published: 2025-04-28 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/19051d08-16b0-46… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Admin and Site Enhancements (ASE) Affected: 0 , < 7.6.10 (semver)
    Create a notification for this product.
    Credits
    Dogus Demirkiran WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T17:23:59.608976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T17:24:45.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dogus Demirkiran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:43.055Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/19051d08-16b0-466c-976b-be7b076e8e92/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements (ASE) \u003c 7.6.10 - Password Protection Bypass",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-13688",
        "datePublished": "2025-04-28T06:00:01.714Z",
        "dateReserved": "2025-01-23T19:01:03.389Z",
        "dateUpdated": "2025-08-27T12:00:43.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13685 (GCVE-0-2024-13685)

    Vulnerability from nvd – Published: 2025-03-04 06:00 – Updated: 2025-03-04 14:32
    VLAI
    Title
    Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/72c61904-253d-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Admin and Site Enhancements (ASE) Affected: 0 , < 7.6.10 (semver)
    Create a notification for this product.
    Credits
    Dogus Demirkiran WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13685",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T14:31:44.400174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T14:32:08.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dogus Demirkiran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-04T06:00:04.054Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements (ASE) \u003c 7.6.10 - Limit Login Attempt Bypass via IP Spoofing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-13685",
        "datePublished": "2025-03-04T06:00:04.054Z",
        "dateReserved": "2025-01-23T18:49:40.091Z",
        "dateUpdated": "2025-03-04T14:32:08.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46630 (GCVE-0-2023-46630)

    Vulnerability from nvd – Published: 2024-06-04 09:29 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability
    Summary
    Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    wpase Admin and Site Enhancements (ASE) Affected: n/a , ≤ 5.7.1 (custom)
    Create a notification for this product.
    Credits
    Khalid (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46630",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:17:49.428413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T13:52:54.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/admin-site-enhancements/wordpress-admin-and-site-enhancements-ase-plugin-5-7-1-password-protected-view-bypass-vulnerability-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "admin-site-enhancements",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "wpase",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.8.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.7.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Khalid (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:47.648Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/admin-site-enhancements/wordpress-admin-and-site-enhancements-ase-plugin-5-7-1-password-protected-view-bypass-vulnerability-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 5.8.0 or a higher version."
                }
              ],
              "value": "Update to 5.8.0 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Admin and Site Enhancements (ASE) plugin \u003c= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-46630",
        "datePublished": "2024-06-04T09:29:46.317Z",
        "dateReserved": "2023-10-24T13:10:29.307Z",
        "dateUpdated": "2026-04-28T16:08:47.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13688 (GCVE-0-2024-13688)

    Vulnerability from cvelistv5 – Published: 2025-04-28 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    Admin and Site Enhancements (ASE) < 7.6.10 - Password Protection Bypass
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/19051d08-16b0-46… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Admin and Site Enhancements (ASE) Affected: 0 , < 7.6.10 (semver)
    Create a notification for this product.
    Credits
    Dogus Demirkiran WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13688",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-28T17:23:59.608976Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-28T17:24:45.710Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dogus Demirkiran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-259 Use of Hard-coded Password",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:43.055Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/19051d08-16b0-466c-976b-be7b076e8e92/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements (ASE) \u003c 7.6.10 - Password Protection Bypass",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-13688",
        "datePublished": "2025-04-28T06:00:01.714Z",
        "dateReserved": "2025-01-23T19:01:03.389Z",
        "dateUpdated": "2025-08-27T12:00:43.055Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-13685 (GCVE-0-2024-13685)

    Vulnerability from cvelistv5 – Published: 2025-03-04 06:00 – Updated: 2025-03-04 14:32
    VLAI
    Title
    Admin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing
    Summary
    The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/72c61904-253d-42… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Admin and Site Enhancements (ASE) Affected: 0 , < 7.6.10 (semver)
    Create a notification for this product.
    Credits
    Dogus Demirkiran WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.3,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13685",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-04T14:31:44.400174Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-04T14:32:08.168Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "7.6.10",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Dogus Demirkiran"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-290 Authentication Bypass by Spoofing",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-04T06:00:04.054Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Admin and Site Enhancements (ASE) \u003c 7.6.10 - Limit Login Attempt Bypass via IP Spoofing",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-13685",
        "datePublished": "2025-03-04T06:00:04.054Z",
        "dateReserved": "2025-01-23T18:49:40.091Z",
        "dateUpdated": "2025-03-04T14:32:08.168Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46630 (GCVE-0-2023-46630)

    Vulnerability from cvelistv5 – Published: 2024-06-04 09:29 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Admin and Site Enhancements (ASE) plugin <= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability
    Summary
    Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    wpase Admin and Site Enhancements (ASE) Affected: n/a , ≤ 5.7.1 (custom)
    Create a notification for this product.
    Credits
    Khalid (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46630",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-04T19:17:49.428413Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-05T13:52:54.494Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:53:20.852Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/admin-site-enhancements/wordpress-admin-and-site-enhancements-ase-plugin-5-7-1-password-protected-view-bypass-vulnerability-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "admin-site-enhancements",
              "product": "Admin and Site Enhancements (ASE)",
              "vendor": "wpase",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.8.0",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.7.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Khalid (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1.\u003c/p\u003e"
                }
              ],
              "value": "Improper Authentication vulnerability in wpase Admin and Site Enhancements (ASE) allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Admin and Site Enhancements (ASE): from n/a through 5.7.1."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:47.648Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/admin-site-enhancements/wordpress-admin-and-site-enhancements-ase-plugin-5-7-1-password-protected-view-bypass-vulnerability-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to 5.8.0 or a higher version."
                }
              ],
              "value": "Update to 5.8.0 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Admin and Site Enhancements (ASE) plugin \u003c= 5.7.1 - Password Protected View Bypass Vulnerability vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-46630",
        "datePublished": "2024-06-04T09:29:46.317Z",
        "dateReserved": "2023-10-24T13:10:29.307Z",
        "dateUpdated": "2026-04-28T16:08:47.648Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }