Security Advisory

CVE-2025-9487

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-22 06:00:14

Last updated 2025-09-22 16:10:43

Assigner WPScan

State PUBLISHED

Description

The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads

← Browse all CVEs View on cve.org ↗