CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive file...

7.5CVSS5.8AI score

Exploits0References2

NVD•added 2024/10/16 7:15 a.m.•11 views

CVE-2019-25213

9.8CVSS0.02711EPSS

Exploits1References2

Vulnrichment•added 2024/10/16 6:43 a.m.•10 views

CVE-2019-25213 Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read

9.8CVSS7AI score0.02711EPSS

Exploits1References2

VulnCheck KEV•added 2024/10/15 12:0 a.m.•3 views

VulnCheck KEV: CVE-2019-25213

9.8CVSS5.8AI score0.02711EPSS

Exploits1References1

NVD•added 2024/03/19 3:15 p.m.•14 views

CVE-2024-29124

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20...

5.9CVSS5.7AI score0.00375EPSS

Exploits0References1

CVE•added 2024/03/19 2:27 p.m.•71 views

CVE-2024-29124

CVE-2024-29124 is an improper input neutralization leading to Stored XSS in AAM Advanced Access Manager (WordPress plugin). Affected versions: up to 6.9.20 (inclusive). Public details show the vulnerability is tied to how input is processed for web page generation. The Red Hat advisory reiterates...

5.9CVSS8.6AI score0.00375EPSS

Exploits0References1

NVD•added 2024/03/19 2:15 p.m.•16 views

CVE-2024-29127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20...

7.1CVSS6.9AI score0.00438EPSS

Exploits0References1

Cvelist•added 2024/03/19 2:6 p.m.•23 views

CVE-2024-29127 WordPress Advanced Access Manager plugin <= 6.9.20 - Reflected Cross Site Scripting (XSS) vulnerability

7.1CVSS7.1AI score0.00438EPSS

Exploits0References1

CVE•added 2024/03/19 2:6 p.m.•65 views

CVE-2024-29127

CVE-2024-29127 affects Advanced Access Manager (WordPress) up to version 6.9.20 with a Reflected XSS due to improper input neutralization in web page generation. A fixed release is 6.9.21; update to mitigate. References indicate CVSS ~7.1 (Patchstack) / ~6.1 (NVD) depending on source.

7.1CVSS8.5AI score0.00438EPSS

Exploits0References1Affected Software1

Prion•added 2024/02/01 11:15 a.m.•12 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhance...

4.9CVSS7AI score0.00328EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/02/01 10:22 a.m.•22 views

CVE-2023-51674 WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS)

6.5CVSS6.7AI score0.00328EPSS

Exploits0References1

CVE•added 2024/02/01 10:22 a.m.•54 views

CVE-2023-51674

CVE-2023-51674 is a Cross‑Site Scripting vulnerability in the WordPress plugin Advanced Access Manager (AAM) – Restricted Content, Users & Roles, Enhanced Security and More, affecting versions up to and including 6.9.18. The issue arises from improper neutralization of user input during web page ...

6.5CVSS6.7AI score0.00328EPSS

Exploits0References1Affected Software1

NVD•added 2023/12/29 2:15 p.m.•17 views

CVE-2023-51675

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18...

5.4CVSS0.00297EPSS

Exploits0References1

Prion•added 2023/12/29 2:15 p.m.•18 views

Open redirect

4.9CVSS7.1AI score0.00297EPSS

Exploits0References1Affected Software1

CVE•added 2023/12/29 1:57 p.m.•62 views

CVE-2023-51675

Open Redirect in Advanced Access Manager (AAM) plugin for WordPress (versions ≤ 6.9.18). The CVE CVE-2023-51675 indicates authenticated (Author+) exploit path, enabling redirection to an untrusted site. The Wordfence vulnerability entry notes the issue has been patched in newer releases (≤ 6.9.18...

5.4CVSS6.7AI score0.00297EPSS

Exploits0References1Affected Software1

NVD•added 2023/12/29 12:15 p.m.•17 views

CVE-2023-50881

6.5CVSS0.00309EPSS

Exploits0References1

Prion•added 2023/12/29 12:15 p.m.•13 views

Cross site scripting

4.9CVSS7AI score0.00309EPSS

Exploits0References1Affected Software1

Rows per page