9 matches found
CVE-2020-35934
The WordPress Advanced Access Manager plugin (AAM) prior to version 6.6.2 discloses the unfiltered user object (including all metadata) upon login via REST API endpoints aam/v1/authenticate and aam/v2/authenticate. This exposes user data that may include custom metadata from other plugins, creati...
CVE-2014-6059
CVE-2014-6059 concerns the WordPress plugin Advanced Access Manager (AAM) prior to version 2.8.2. The vulnerability is an Arbitrary File Overwrite flaw that allows an admin user to write arbitrary content to arbitrary files, which could in some configurations lead to arbitrary code execution or o...
CVE-2020-35935
CVE-2020-35935 affects WordPress Advanced Access Manager (AAM) plugin versions prior to 6.6.2. Affected component: the aam_user_roles parameter used during profile updates with Multiple Role support enabled. Root cause: the entitlement check for adding roles did not work correctly in various cust...
CVE-2024-29127
CVE-2024-29127 affects Advanced Access Manager (WordPress) up to version 6.9.20 with a Reflected XSS due to improper input neutralization in web page generation. A fixed release is 6.9.21; update to mitigate. References indicate CVSS ~7.1 (Patchstack) / ~6.1 (NVD) depending on source.
CVE-2021-24830
The CVE concerns the WordPress plugin Advanced Access Manager (AAM) before version 6.8.0. The issue is that certain settings are not properly escaped when output, enabling Stored XSS by high-privilege users even when unfiltered_html is disallowed. Affected component: AAM WordPress plugin; root ca...
CVE-2023-51675
Open Redirect in Advanced Access Manager (AAM) plugin for WordPress (versions ≤ 6.9.18). The CVE CVE-2023-51675 indicates authenticated (Author+) exploit path, enabling redirection to an untrusted site. The Wordfence vulnerability entry notes the issue has been patched in newer releases (≤ 6.9.18...
CVE-2023-51674
CVE-2023-51674 is a Cross‑Site Scripting vulnerability in the WordPress plugin Advanced Access Manager (AAM) – Restricted Content, Users & Roles, Enhanced Security and More, affecting versions up to and including 6.9.18. The issue arises from improper neutralization of user input during web page ...
CVE-2019-25213
The WordPress Advanced Access Manager plugin is affected up to version 5.9.8.1 by an unauthenticated Arbitrary File Read caused by insufficient validation on the aam-media parameter. This allows an unauthenticated attacker to read arbitrary files on the server (e.g., wp-config.php). Remediation: ...
CVE-2023-50881
CVE-2023-50881 is a Stored XSS vulnerability in the WordPress plugin Advanced Access Manager (AAM) – Restricted Content, Users & Roles, Enhanced Security and More, affecting up to version 6.9.15. Root cause is Improper Neutralization of Input During Web Page Generation. Public sources (Red Hat an...