CVE-2024-13685

MEDIUM

Wpase Admin And Site Enhancements - Authentication Bypass by Spoofing

Title source: rule

Description

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the plugin's login limit feature.

Scores

CVSS v3 5.3
EPSS 0.0013
EPSS Percentile 32.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-290
Status published
Products (1)
wpase/admin_and_site_enhancements < 7.6.10 (2 CPE variants)
Published Mar 04, 2025
Tracked Since Feb 18, 2026