Medium severity4.7NVD Advisory· Published Sep 22, 2025· Updated Apr 15, 2026
CVE-2025-9487
CVE-2025-9487
Description
The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when such uploads are enabled, which could allow users to upload a malicious SVG containing XSS payloads
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<7.9.8+ 1 more
- (no CPE)range: <7.9.8
- (no CPE)range: <7.9.8
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.