CVE-2024-13688

Summary

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request

Affected Software

VendorProductVersion RangeStatus
UnknownAdmin and Site Enhancements (ASE)0 < 7.6.10affected

Weaknesses

  • CWE-259 Use of Hard-coded Password

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References