4 matches found
CVE-2020-35935
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aamuserroles POST parameter if Multiple Role support is enabled. The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios...
Privilege escalation
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aamuserroles POST parameter if Multiple Role support is enabled. The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios...
PT-2021-11869 · WordPress · Aam Advanced Access Manager
Name of the Vulnerable Software and Affected Versions: Advanced Access Manager plugin versions prior to 6.6.2 for WordPress Description: The issue allows privilege escalation on profile updates via the aam user roles POST parameter if Multiple Role support is enabled. The mechanism for deciding...
WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation
...