CVE-2024-13685

MEDIUM

Admin and Site Enhancements WordPress Plugin < 7.6.10 - Authentication Bypass via IP Header Spoofing

Title source: llm

Description

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit vdb-entry technical-description

https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/

Scores

CVSS v3 5.3

EPSS 0.0034

EPSS Percentile 25.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-290

Status published

Products (1)

wpase/admin_and_site_enhancements < 7.6.10 (2 CPE variants)

Published Mar 04, 2025

Tracked Since Feb 18, 2026