CVE-2023-51674 – WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-51674
27 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. • https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-51675 – WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Open Redirection
https://notcve.org/view.php?id=CVE-2023-51675
27 Dec 2023 — URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18. • https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-open-redirection-vulnerability?_s_id=cve • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-50881 – WordPress Advanced Access Manager Plugin <= 6.9.15 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50881
26 Dec 2023 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15. • https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-15-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24830 – Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24830
19 Oct 2021 — The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://plugins.trac.wordpress.org/changeset/2616161 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-35934 – Advanced Access Manager <= 6.6.1 - Authenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2020-35934
20 Aug 2020 — The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not supposed to have (e.g., custom metadata added by a different plugin). • https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-35935 – Advanced Access Manager <= 6.6.1 - Authenticated Authorization Bypass and Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-35935
14 Aug 2020 — The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.) • https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager • CWE-305: Authentication Bypass by Primary Weakness
CVE-2019-25213 – Advanced Access Manager <= 5.9.8.1 - Unauthenticated Arbitrary File Read
https://notcve.org/view.php?id=CVE-2019-25213
09 Sep 2019 — The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php. • https://www.wordfence.com/threat-intel/vulnerabilities/id/55e0f0df-7be2-4e18-988c-2cc558768eff?source=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-6059 – Advanced Access Manager <= 2.8.2 - Arbitrary File Overwrite
https://notcve.org/view.php?id=CVE-2014-6059
20 Aug 2014 — WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability. WordPress Advanced Access Manager plugin version 2.8.2 suffers from arbitrary file write and code execution vulnerabilities. • https://packetstorm.news/files/id/128137 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')