Vulnerability Database

309,540

Total vulnerabilities in the database

CVE-2024-13685

The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate their value to bypass the login limit feature in the Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10.

Published: Mar 4, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-13685
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-290

Affected Software
References

Software	From	Fixed in
wpase / admin_and_site_enhancements	-	7.6.10

https://wpscan.com/vulnerability/72c61904-253d-42d1-9edd-7ea2162a2f85/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo