Admin and Site Enhancements (ASE) <= 7.6.2.1 - Authenticated (Subscriber+) Privilege Escalation
Description
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.6.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Technical Details
Affected versions: <=7.6.2.1
What Changed in the Fix
Changes introduced in v7.6.3
Source Code
WordPress.org SVN
Vulnerability Summary
The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Authenticated Privilege Escalation in versions up to and including 7.6.2.1. The vulnerability exists because the plugin's settings update mechanism, specifically handled via AJAX actions, fails to perform adequate capability checks (e.g., current_user_can('manage_options')). This allows a user with Subscriber-level permissions to modify the plugin's global configuration.
By manipulating the admin_site_enhancements option, an attacker can enable modules that grant higher privileges or allow for code execution. A direct path to privilege escalation involves enabling the "Custom Code" module (which allows injecting arbitrary scripts into the admin dashboard) or enabling the "SVG Upload" module for low-privileged roles, which can be leveraged to gain Remote Code Execution (RCE) or perform XSS to hijack administrator sessions.
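To make the defect class concrete, here is an added example (not the ASE plugin's own code; handler, option and nonce names are hypothetical) showing an admin-ajax.php settings handler that trusts any logged-in user beside one that enforces a nonce and the manage_options capability:

```php
<?php
/*
 * Added illustration, not the ASE plugin's actual code. The defect class
 * described above is an admin-ajax.php settings handler that any logged-in
 * user can reach. All function, option and nonce names here are hypothetical.
 */

// VULNERABLE PATTERN: wp_ajax_{action} fires for every authenticated user,
// Subscriber included, and nothing here checks who is calling or from where.
function example_save_settings_vulnerable() {
    $settings = isset( $_POST['settings'] ) ? (array) $_POST['settings'] : array();
    update_option( 'example_plugin_settings', $settings ); // plugin-wide config overwritten
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings_vulnerable', 'example_save_settings_vulnerable' );

// HARDENED PATTERN: require a valid nonce AND an administrative capability
// before touching plugin-wide configuration; reject everything else with 403.
function example_save_settings_hardened() {
    // CSRF protection: nonce issued to the settings page via wp_create_nonce( 'example_settings' ).
    check_ajax_referer( 'example_settings', 'nonce' );

    // Authorization: only users who may manage site options can change global settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $raw = ( isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : array();

    // Allow-list the keys a caller may set; unknown keys are dropped, not stored.
    $allowed = array( 'enable_feature_a', 'enable_feature_b' );
    $clean   = array();
    foreach ( $allowed as $key ) {
        $clean[ $key ] = ! empty( $raw[ $key ] ) ? 1 : 0;
    }

    update_option( 'example_plugin_settings', $clean );
    wp_send_json_success( $clean );
}
add_action( 'wp_ajax_example_save_settings_hardened', 'example_save_settings_hardened' );
```

When auditing a plugin for this class of bug, look at every add_action( 'wp_ajax_...' ) callback that calls update_option() and confirm both a check_ajax_referer() and a current_user_can() check precede the write.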
Attack Vector Analysis
- Vulnerable Endpoint: /wp-admin/admin-ajax.php
- Action: asenha_save_settings (or asenha_update_settings; inferred from plugin structure and common patterns in such vulnerabilities)
- HTTP Parameter: settings (containing a serialized or array-formatted configuration for the plugin)
- Authentication Level: Subscriber+ (any logged-in user)
- Preconditions: The plugin must be active. No specific module needs to be enabled initially, as the attacker will enable them.
Code Flow