← Zuruck zu CVEs
CVE-2024-13685
MEDIUM5.3
Beschreibung
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht3/4/2025
Zuletzt geandert5/14/2025
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
wpase:admin_and_site_enhancements
Schwachen (CWE)
CWE-290
Referenzen
https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/(contact@wpscan.com)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.