WordPress Plugin Vulnerabilities

Admin and Site Enhancements (ASE) < 5.8.0 - Password Protection Mode Security Feature Bypass

Description

The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to security feature bypass in all versions up to, and including, 5.7.1. This is due to a flawed authentication mechanism within the maybe_process_login function. This makes it possible for unauthenticated attackers to bypass the Password Protection feature and view password protected pages.

Affects Plugins

Plugin icon
admin-site-enhancements
Fixed in 5.8.0

References

CVE
CVE-2023-46630
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/0abad47f-a806-4cdd-a11f-015b997b5e86

Classification

Type
AUTHBYPASS
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-287
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Abu Hurayra (HurayraIIT)
Verified
No
WPVDB ID
6ce7d3b8-47f8-4c52-aeb5-57873feb0de9

Timeline

Publicly Published
2023-10-25 (about 2 years ago)
Added
2023-11-23 (about 2 years ago)
Last Updated
2024-01-22 (about 2 years ago)

Other

Published
Title
Published
2016-04-28
Title
Google Authenticator <= 0.47 - Two Factor Authentication Bypass
Published
2014-08-01
Title
All in One SEO Pack <= 2.1.5 - Unspecified Privilege Escalation
Published
2025-10-15
Title
Ace User Management <= 2.0.3 - Subscriber+ Authentication Bypass via Password Rest
Published
2016-12-23
Title
BuddyPress 2.0-2.7.3 - Arbitrary File Deletion
Published
2024-11-14
Title
Really Simple Security (Free, Pro, and Pro Multisite) 9.0.0 - 9.1.1.1 - Authentication Bypass