CVE-2026-12083
Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th
The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
| Vendor | unknown |
| Product | admin and site enhancements (ase) |
| Published | Jul 6, 2026 |
| Last Updated | Jul 6, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown admin and site enhancements (ase)
Be the first to know when new high vulnerabilities affecting unknown admin and site enhancements (ase) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / Admin and Site Enhancements (ASE)
7.6.3 < 8.8.4
Unknown / admin-site-enhancements-pro
7.6.3 < 8.8.4
References
Credits
Revanth Hari Narayana Matte WPScan