5.3
CVE-2024-13685
- EPSS 0.34%
- Veröffentlicht 04.03.2025 06:15:27
- Zuletzt bearbeitet 14.05.2025 14:51:01
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginAdmin and Site Enhancements (ASE) < 7.6.10 - Limit Login Attempt Bypass via IP Spoofing
Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass
The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.
Mögliche Gegenmaßnahme
Admin and Site Enhancements (ASE): Update to version 7.6.10, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Wpase ≫ Admin And Site Enhancements SwEditionfree SwPlatformwordpress Version < 7.6.10
Wpase ≫ Admin And Site Enhancements SwEditionpro SwPlatformwordpress Version < 7.6.10
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Admin and Site Enhancements (ASE)
Version
*-7.6.9
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.254 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/
https://www.wordfence.com/threat-intel/vulnerabilities/id/2903d15c-4f4d-497c-b6ed-4ae32c047a8a