PT-2025-18042 · WordPress · Admin/Site Enhancements (Ase) Wordpress Plugin
Dogus Demirkiran
·
Published
2025-04-28
·
Updated
2025-04-28
·
CVE-2024-13688
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Admin and Site Enhancements (ASE) WordPress plugin versions prior to 7.6.10
Description
The issue concerns the use of a hardcoded password in the Password Protection feature of the Admin and Site Enhancements (ASE) WordPress plugin. This allows an attacker to bypass the protection offered by the plugin via a crafted request.
Recommendations
For versions prior to 7.6.10, update to version 7.6.10 or later to resolve the issue. As a temporary workaround, consider disabling the Password Protection feature until a patch is available. Restrict access to the Password Protection module to minimize the risk of exploitation. Avoid using the hardcoded password in the affected feature until the issue is resolved.
Exploit
Fix
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Admin/Site Enhancements (Ase) Wordpress Plugin