Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
vasyltech advanced access manager vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-50881
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager &ndas...
Vasyltech Advanced Access Manager
8.8
CVSSv3
CVE-2020-35935
The Advanced Access Manager plugin prior to 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various ...
Vasyltech Advanced Access Manager
4.3
CVSSv3
CVE-2020-35934
The Advanced Access Manager plugin prior to 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not...
Vasyltech Advanced Access Manager
4.8
CVSSv3
CVE-2021-24830
The Advanced Access Manager WordPress plugin prior to 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Vasyltech Advanced Access Manager
5.4
CVSSv3
CVE-2023-51675
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced ...
Vasyltech Advanced Access Manager
5.4
CVSSv3
CVE-2023-51674
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager &ndas...
Vasyltech Advanced Access Manager
7.2
CVSSv3
CVE-2014-6059
WordPress Advanced Access Manager Plugin prior to 2.8.2 has an Arbitrary File Overwrite Vulnerability
Vasyltech Advanced Access Manager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started