Vasyltech

Advanced Access Manager

9 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 39.58%
  • Published 16.10.2024 07:15:05
  • Last modified 30.10.2024 18:20:42

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read a...

  • EPSS 0.13%
  • Published 19.03.2024 14:15:07
  • Last modified 27.02.2025 03:34:34

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20.

  • EPSS 0.07%
  • Published 01.02.2024 11:15:10
  • Last modified 21.11.2024 08:38:35

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Man...

  • EPSS 0.19%
  • Published 29.12.2023 14:15:48
  • Last modified 21.11.2024 08:38:35

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced ...

  • EPSS 0.16%
  • Published 29.12.2023 12:15:44
  • Last modified 21.11.2024 08:37:28

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Man...

Exploit
  • EPSS 0.28%
  • Published 23.11.2021 20:15:10
  • Last modified 21.11.2024 05:53:50

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Exploit
  • EPSS 0.33%
  • Published 01.01.2021 02:15:13
  • Last modified 21.11.2024 05:28:32

The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores info...

Exploit
  • EPSS 0.37%
  • Published 01.01.2021 02:15:13
  • Last modified 21.11.2024 05:28:33

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a r...

Exploit
  • EPSS 1.11%
  • Published 13.01.2020 13:15:12
  • Last modified 21.11.2024 02:13:43

WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability.