The Admin and Site Enhancements (ASE) WordPress plugin before 7.6.10 uses a hardcoded password in its Password Protection feature, allowing attacker to bypass the protection offered via a crafted request
https://wpscan.com/vulnerability/19051d08-16b0-466c-976b-be7b076e8e92/