WordPress Plugin Vulnerabilities

Advanced Access Manager 2.8.2 - Admin User File Read/Write

Description

The Advanced Access Manager WordPress plugin was affected by an Admin User File Read/Write security vulnerability.

Affects Plugins

Plugin icon
advanced-access-manager
Fixed in 2.8.3

References

CVE
CVE-2014-6059
URL
https://advisories.dxw.com/advisories/advanced-access-manager-allows-admin-users-to-write-arbitrary-text-to-arbitrary-locations-which-could-lead-to-arbitrary-code-execution-etc/
URL
https://seclists.org/fulldisclosure/2014/Sep/21

Classification

Type
RCE
OWASP top 10
A1: Injection
CWE
CWE-94
CVSS
7.2 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
10a1719a-28c3-4213-a55d-24f7d4efd821

Timeline

Publicly Published
2014-09-27 (about 11 years ago)
Added
2014-09-27 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-22
Title
Cozy Blocks < 2.1.30 - Unauthenticated Arbitrary Shortcode Execution
Published
2022-03-22
Title
Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE
Published
2024-08-22
Title
File Manager Pro < 8.3.8 - Authenticated (Subscriber+) Arbitrary File Upload
Published
2024-11-18
Title
GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress < 7.1.6 - Unauthenticated Arbitrary Shortcode Execution via gamipress_get_user_earnings
Published
2026-01-13
Title
FluentForm < 6.1.12 - Unauthenticated Arbitrary Shortcode Execution