PT-2025-38690 · WordPress · Admin/Site Enhancements

Published: 2025-09-22 · Updated: 2025-09-22 · CVE-2025-9487

CVSS v3.1: 4.7 (Medium)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements (ASE) WordPress plugin versions prior to 7.9.8

Description: The software does not properly sanitize SVG files when uploaded through the xmlrpc.php file, if SVG uploads are enabled. This could allow an attacker to upload a malicious SVG file containing cross-site scripting (XSS) payloads.

Recommendations: Update to version 7.9.8 or later.

Related Identifiers: CVE-2025-9487

Affected Products: Admin/Site Enhancements