๐Ÿ” CVE Alert

CVE-2026-12083

HIGH 8.1

Admin and Site Enhancements < 8.8.4 - Unauthenticated Administrator-Role Restoration via reset-for Parameter

CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th

The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.

Vendor unknown
Product admin and site enhancements (ase)
Published Jul 6, 2026
Last Updated Jul 6, 2026
Stay Ahead of the Next One

Get instant alerts for unknown admin and site enhancements (ase)

Be the first to know when new high vulnerabilities affecting unknown admin and site enhancements (ase) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Admin and Site Enhancements (ASE)
7.6.3 < 8.8.4
Unknown / admin-site-enhancements-pro
7.6.3 < 8.8.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/a0c94f7f-6314-4ff2-bb92-ec02146975ff/

Credits

Revanth Hari Narayana Matte WPScan