CVE-2026-57625
Critical, CVSS 9.6
Exploitation Probability (EPSS): Low risk, 18th percentile (higher than 18% of all known CVEs)
Summary
The Admin and Site Enhancements (ASE) Pro plugin, versions 8.8.5 and earlier, contains an unauthenticated cross-site scripting (XSS) vulnerability. An attacker can inject malicious script without authenticating.
Risk Assessment
The risk is execution of arbitrary JavaScript in the administrator's browser, which could lead to session theft, admin panel takeover, or malware distribution.
Recommendation
Immediately update the Admin and Site Enhancements (ASE) Pro plugin to a version newer than 8.8.5. If no update is available, temporarily disable the plugin.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

