Lucene search
K
VasyltechAdvanced Access Manager

9 matches found

CVE
CVE
added 2021/01/01 1:25 a.m.134 views

CVE-2020-35934

The WordPress Advanced Access Manager plugin (AAM) prior to version 6.6.2 discloses the unfiltered user object (including all metadata) upon login via REST API endpoints aam/v1/authenticate and aam/v2/authenticate. This exposes user data that may include custom metadata from other plugins, creati...

4.3CVSS4.9AI score0.01059EPSS
CVE
CVE
added 2020/01/13 12:22 p.m.111 views

CVE-2014-6059

CVE-2014-6059 concerns the WordPress plugin Advanced Access Manager (AAM) prior to version 2.8.2. The vulnerability is an Arbitrary File Overwrite flaw that allows an admin user to write arbitrary content to arbitrary files, which could in some configurations lead to arbitrary code execution or o...

7.2CVSS6.9AI score0.03288EPSS
Web
CVE
CVE
added 2021/01/01 1:25 a.m.104 views

CVE-2020-35935

CVE-2020-35935 affects WordPress Advanced Access Manager (AAM) plugin versions prior to 6.6.2. Affected component: the aam_user_roles parameter used during profile updates with Multiple Role support enabled. Root cause: the entitlement check for adding roles did not work correctly in various cust...

8.8CVSS8.8AI score0.01463EPSS
CVE
CVE
added 2024/03/19 2:6 p.m.71 views

CVE-2024-29127

CVE-2024-29127 affects Advanced Access Manager (WordPress) up to version 6.9.20 with a Reflected XSS due to improper input neutralization in web page generation. A fixed release is 6.9.21; update to mitigate. References indicate CVSS ~7.1 (Patchstack) / ~6.1 (NVD) depending on source.

7.1CVSS8.5AI score0.00438EPSS
CVE
CVE
added 2021/11/23 7:16 p.m.63 views

CVE-2021-24830

The CVE concerns the WordPress plugin Advanced Access Manager (AAM) before version 6.8.0. The issue is that certain settings are not properly escaped when output, enabling Stored XSS by high-privilege users even when unfiltered_html is disallowed. Affected component: AAM WordPress plugin; root ca...

4.8CVSS4.7AI score0.00654EPSS
CVE
CVE
added 2023/12/29 1:57 p.m.63 views

CVE-2023-51675

Open Redirect in Advanced Access Manager (AAM) plugin for WordPress (versions ≤ 6.9.18). The CVE CVE-2023-51675 indicates authenticated (Author+) exploit path, enabling redirection to an untrusted site. The Wordfence vulnerability entry notes the issue has been patched in newer releases (≤ 6.9.18...

5.4CVSS6.7AI score0.00297EPSS
CVE
CVE
added 2024/02/01 10:22 a.m.60 views

CVE-2023-51674

CVE-2023-51674 is a Cross‑Site Scripting vulnerability in the WordPress plugin Advanced Access Manager (AAM) – Restricted Content, Users & Roles, Enhanced Security and More, affecting versions up to and including 6.9.18. The issue arises from improper neutralization of user input during web page ...

6.5CVSS6.7AI score0.00328EPSS
CVE
CVE
added 2024/10/16 6:43 a.m.59 views

CVE-2019-25213

The WordPress Advanced Access Manager plugin is affected up to version 5.9.8.1 by an unauthenticated Arbitrary File Read caused by insufficient validation on the aam-media parameter. This allows an unauthenticated attacker to read arbitrary files on the server (e.g., wp-config.php). Remediation: ...

9.8CVSS8.6AI score0.02734EPSS
CVE
CVE
added 2023/12/29 11:26 a.m.54 views

CVE-2023-50881

CVE-2023-50881 is a Stored XSS vulnerability in the WordPress plugin Advanced Access Manager (AAM) – Restricted Content, Users & Roles, Enhanced Security and More, affecting up to version 6.9.15. Root cause is Improper Neutralization of Input During Web Page Generation. Public sources (Red Hat an...

6.5CVSS6.7AI score0.00309EPSS