WordPress Advanced Access Manager Plugin prior to 2.8.2 has an Arbitrary File Overwrite Vulnerability
vasyltech advanced access manager