Vasyltech Advanced Access Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Vasyltech Advanced Access Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2019-25213 — CVSS 9.8 (critical): The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including…
CVE-2020-35935 — CVSS 7.5 (high): The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST…
CVE-2014-6059 — CVSS 7.2 (high): WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability
CVE-2024-29127 — CVSS 7.1 (high): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows…
CVE-2023-50881 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager –…
CVE-2023-51674 — CVSS 6.5 (medium): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager –…
CVE-2021-24830 — CVSS 4.8 (medium): The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high…
CVE-2023-51675 — CVSS 4.7 (medium): URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles…
CVE-2020-35934 — CVSS 4.3 (medium): The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via…