CVE Catalog

CVE-2026-57625

Critical · CVSS 9.6

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile — higher than 18% of all known CVEs

Summary

The Admin and Site Enhancements (ASE) Pro plugin version 8.8.5 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

Risk Assessment

The risk involves potential execution of arbitrary JavaScript in the administrator's browser, which could lead to session theft, admin panel takeover, or malware distribution.

Recommendation

Immediately update the Admin and Site Enhancements (ASE) Pro plugin to a version newer than 8.8.5. If no update is available, temporarily disable the plugin.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Admin and Site Enhancements (ASE) Pro <= 8.8.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS