Admin and Site Enhancements WordPress Plugin Limit Login Attempt Bypass Vulnerability

Vulnerability

A vulnerability in the Admin and Site Enhancements (ASE) WordPress plugin, affecting versions prior to 7.6.10, allows attackers to bypass the login limit feature. The bypass works by manipulating the client IP address through untrusted request headers, which defeats the login limit.
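
The bug class described above, as an added example that is not the ASE plugin's code: a client-IP resolver that trusts a forwarding header, beside one that starts from the socket peer address. The `X-Forwarded-For` header name, the `TRUSTED_PROXIES` list, the function names and all addresses are assumptions constructed for illustration.

```php
<?php
// Added example, not ASE plugin code. Header name and proxy list are assumptions.

// Constructed list of reverse proxies allowed to set X-Forwarded-For.
const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6'];

// Weak pattern: the limiter key comes from a header the client controls.
function client_ip_naive(array $server): string {
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff !== '') {
        return trim(explode(',', $xff)[0]);
    }
    return $server['REMOTE_ADDR'] ?? '';
}

// Hardened pattern: start from the socket peer; honour the header only when
// the peer is a trusted proxy, then walk the chain right to left and return
// the first hop that is not itself a trusted proxy.
function client_ip_hardened(array $server, array $trusted = TRUSTED_PROXIES): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        return $peer; // direct connection: the header is ignored
    }
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer; // missing or malformed chain: fall back to the peer
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $peer;
}

// Constructed requests: a direct peer that supplies its own header, and a
// request relayed by a trusted proxy.
$direct  = ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.44, 203.0.113.9'];

var_dump(client_ip_naive($direct));     // limiter key follows the header
var_dump(client_ip_hardened($direct));  // limiter key stays at the peer address
var_dump(client_ip_hardened($proxied)); // rightmost hop that is not a trusted proxy
```

A login limiter keyed on the hardened value counts every attempt from the same connection against one address, whatever headers the request carries.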

Impact

Exploiting this vulnerability bypasses the login limit feature, potentially enabling brute-force attacks.

Remediation

Users can update to Admin and Site Enhancements WordPress plugin version 7.6.10 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 7.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.