5.3

CVE-2024-13685

Exploit

Admin and Site Enhancements (ASE) <= 7.6.9 - IP Spoofing to Limit Login Attempt Bypass

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the plugin's login limit feature.
Possible countermeasure
Admin and Site Enhancements (ASE): Update to version 7.6.10, or a newer patched version
Further vulnerability information
System: WordPress Plugin
Product: Admin and Site Enhancements (ASE)
Version: * - 7.6.9
Data provided by the National Vulnerability Database (NVD)
Wpase | Admin And Site Enhancements | SwEdition free | SwPlatform wordpress | Version < 7.6.10
Wpase | Admin And Site Enhancements | SwEdition pro | SwPlatform wordpress | Version < 7.6.10
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.12% | 0.31
CVSS metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.