Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:8108A873-2B97-46FD-A269-2A259DD5B23E
HistoryAug 20, 2020 - 12:00 a.m.

Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure

2020-08-2000:00:00
wpscan.com
12
access manager
authenticated
information disclosure
rest endpoints
metadata
user information
attacker
configuration information
plugin
exploit chain

EPSS

0.001

Percentile

24.8%

JSON

The plugin’s aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all metadata about the user, potentially exposing users’ information to an attacker or low-privileged user. This included items like the user’s hashed password and their capabilities and roles, as well as any custom metadata that might have been added by other plugins. This might include sensitive configuration information, which an attacker could potentially use as part of an exploit chain.

Related

prion 1
nvd 1
cve 1
cvelist 1
patchstack 1
openvas 1
prion
prion
Code injection
2021-01-01 02:15:00
nvd
nvd
CVE-2020-35934
2021-01-01 02:15:13
cve
cve
CVE-2020-35934
2021-01-01 02:15:13
cvelist
cvelist
CVE-2020-35934
2021-01-01 01:25:05
patchstack
patchstack
WordPress Advanced Access Manager plugin <= 6.6.1 - Authenticated Information Disclosure vulnerability
2020-04-20 00:00:00
openvas
openvas
WordPress Advanced Access Manager Plugin < 6.6.2 Multiple Vulnerabilities
2020-08-20 00:00:00

EPSS

0.001

Percentile

24.8%

JSON
Related for WPVDB-ID:8108A873-2B97-46FD-A269-2A259DD5B23E
prion1nvd1cve1cvelist1patchstack1openvas1