First published: Mon Jan 27 2025(Updated: )
Missing Authorization vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7.6.1.1.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
NotFound Admin and Site Enhancements Pro | <=7.6.1.1 | |
WordPress Admin and Site Enhancements | <=7.6.1.1 |
Update the WordPress Admin and Site Enhancements (ASE) Pro wordpress plugin to the latest available version (at least 7.6.3).
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-24653 is classified as a critical vulnerability due to its potential for unauthorized access.
To fix CVE-2025-24653, update your NotFound Admin and Site Enhancements (ASE) Pro to the latest version beyond 7.6.1.1.
CVE-2025-24653 affects NotFound Admin and Site Enhancements (ASE) Pro versions up to 7.6.1.1 and the WordPress Admin and Site Enhancements (ASE) Pro Plugin.
CVE-2025-24653 can be exploited to gain unauthorized access, potentially allowing attackers to manipulate site settings or access sensitive information.
There is no official workaround for CVE-2025-24653; upgrading to a patched version is the recommended solution.