CVE-2026-12083
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.1 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
The Admin and Site Enhancements (ASE) WordPress plugin before 8.8.4, admin-site-enhancements-pro WordPress plugin before 8.8.4 does not perform authentication, authorization, or nonce checks on a role-restoration request handler, allowing unauthenticated attackers to restore a previously demoted administrator account back to the administrator role. This is an incomplete fix of CVE-2024-43333 / CVE-2025-24648, which closed the issue for only one of the demotion paths the WordPress role API exposes.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Unknown
Product
Admin and Site Enhancements (ASE), admin-site-enhancements-pro
Discussion (0)
Add Comment
No comments yet. Be the first!