Summary: A significant privilege escalation vulnerability has been discovered in the Admin and Site Enhancements (ASE) plugin for WordPress, affecting versions up to 7.6.2.1. The flaw allows authenticated users to restore higher-level privileges they previously held, which poses a serious security risk. The vulnerability has been addressed in version 7.6.3 and is tracked as CVE-2025-24648 and CVE-2024-43333.
Affected: Admin and Site Enhancements (ASE) plugin for WordPress
Key points:
- The vulnerability impacts both free and pro versions of the ASE plugin.
- Exploiting this flaw allows authenticated users to regain previously held higher access privileges, such as administrator rights.
- The root cause is an insufficient permission check: the affected feature relied only on a nonce check, which protects against CSRF but does not verify that the current user is authorized to change roles.
- Patchstack recommends disabling the “View Admin as Role” feature if not necessary and auditing user roles regularly.
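The distinction behind the third key point, a nonce check versus an authorization check, is easiest to see in code. The following is an added illustration written for this summary; it is not the ASE plugin's code and does not reproduce its patch. It assumes a hypothetical "view as role / switch back" feature that stores the user's original role server-side; every function, hook, nonce-action and meta-key name is hypothetical.

```php
<?php
/**
 * Added illustration (not the ASE plugin's code). Shows why a nonce alone is
 * not an authorization check, and one hardened shape for a "view as role /
 * switch back" handler. All names below are hypothetical.
 */

const HYPO_SWITCH_META = 'hypo_role_switch';      // hypothetical user-meta key
const HYPO_SWITCH_TTL  = 15 * MINUTE_IN_SECONDS;  // hypothetical preview window

/* ---------- Weak pattern: nonce only ---------- */

// A nonce proves the request was issued by this site to the current login
// session (CSRF protection). It does not prove the user may change roles,
// so any logged-in user with a stale "original role" record regains it.
function hypo_switch_back_weak() {
    check_ajax_referer( 'hypo_switch_back', 'nonce' );      // CSRF only
    $user     = wp_get_current_user();
    $original = get_user_meta( $user->ID, 'hypo_original_role', true );
    if ( $original ) {
        $user->set_role( $original );                        // no authorization check
        delete_user_meta( $user->ID, 'hypo_original_role' );
    }
    wp_send_json_success();
}

/* ---------- Hardened pattern ---------- */

// Entering preview: only a user who can manage users may start it, and the
// server records who and when, so "switch back" is checked against state
// the client never controls.
function hypo_switch_to_role_hardened() {
    check_ajax_referer( 'hypo_switch_to', 'nonce' );
    if ( ! current_user_can( 'promote_users' ) ) {           // authorization
        wp_send_json_error( 'forbidden', 403 );
    }
    $target = isset( $_POST['role'] ) ? sanitize_key( wp_unslash( $_POST['role'] ) ) : '';
    if ( ! get_role( $target ) || 'administrator' === $target ) {
        wp_send_json_error( 'invalid role', 400 );
    }
    $user  = wp_get_current_user();
    $roles = $user->roles;
    update_user_meta( $user->ID, HYPO_SWITCH_META, array(
        'original' => reset( $roles ),
        'started'  => time(),
    ) );
    $user->set_role( $target );
    wp_send_json_success();
}

// Switching back: nonce (CSRF) plus a valid, unexpired server-side record
// for this exact user. No record, or an expired one, means no restore.
function hypo_switch_back_hardened() {
    check_ajax_referer( 'hypo_switch_back', 'nonce' );
    $user   = wp_get_current_user();
    $record = get_user_meta( $user->ID, HYPO_SWITCH_META, true );
    if ( ! is_array( $record ) || empty( $record['original'] ) ) {
        wp_send_json_error( 'no active preview', 403 );
    }
    if ( time() - (int) $record['started'] > HYPO_SWITCH_TTL ) {
        delete_user_meta( $user->ID, HYPO_SWITCH_META );
        wp_send_json_error( 'preview expired', 403 );
    }
    $user->set_role( $record['original'] );
    delete_user_meta( $user->ID, HYPO_SWITCH_META );
    wp_send_json_success();
}

add_action( 'wp_ajax_hypo_switch_to',   'hypo_switch_to_role_hardened' );
add_action( 'wp_ajax_hypo_switch_back', 'hypo_switch_back_hardened' );

// Any role change made outside the preview feature (e.g. an administrator
// demoting the user) invalidates a pending record, so a demoted user cannot
// "switch back" to the role they lost.
add_action( 'set_user_role', function ( $user_id, $role, $old_roles ) {
    if ( ! doing_action( 'wp_ajax_hypo_switch_to' ) && ! doing_action( 'wp_ajax_hypo_switch_back' ) ) {
        delete_user_meta( $user_id, HYPO_SWITCH_META );
    }
}, 10, 3 );
```

The weak handler is exploitable by design of the check, not by any bug in the nonce: the nonce only answers "did this request come from our own page in this session?". The hardened version moves the decision to server-side state that is created only after a capability check, expires, and is cleared whenever a real role change happens through any other path, which is the same class of fix the advisory's "insufficient permission check" wording points at.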
Source: https://www.infosecurity-magazine.com/news/wordpress-ase-plugin-flaw/