2 matches found
CVE-2020-35935
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aamuserroles POST parameter if Multiple Role support is enabled. The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios...
CVE-2020-35935
CVE-2020-35935 affects WordPress Advanced Access Manager (AAM) plugin versions prior to 6.6.2. Affected component: the aam_user_roles parameter used during profile updates with Multiple Role support enabled. Root cause: the entitlement check for adding roles did not work correctly in various cust...