WordPress Plugin Vulnerabilities
Advanced Access Manager < 6.6.2 - Authenticated Authorization Bypass and Privilege Escalation
Description
A low-privileged authenticated user could assign themselves, or switch to, any role whose user level was equal to or lower than their own, and also any role that had no user level assigned at all. The request was a POST to wp-admin/profile.php carrying the usual profile-update parameters plus an added aam_user_roles[] parameter naming the role the user wanted. The check only compared user levels rather than asking whether the user was allowed to change roles, so a role without a level had nothing to compare against and was granted.
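The following is an added illustration of the flaw described above, not the plugin's own code or the vendor's fix. The role table, the capability sets, the `customer` role with no user level, the request body and both check functions are constructed here; it models the level-comparison check the advisory describes next to a capability-based check, and runs the same subscriber request through both.

```python
"""Model of the role-assignment authorization flaw described above.

Added illustration: the role table, capability sets and both check
functions are constructed for this example and are not the plugin's code.
"""
import re
from urllib.parse import parse_qs

# Constructed role table. The level_N capabilities mirror WordPress's
# legacy user levels (administrator level_10 ... subscriber level_0).
# "customer" stands in for a plugin-added role that carries no level_N
# capability at all, the "no assigned user level" case in the advisory.
ROLES = {
    "administrator": {"level_10", "promote_users", "edit_users", "manage_options"},
    "editor":        {"level_7", "edit_others_posts", "publish_posts"},
    "author":        {"level_2", "publish_posts"},
    "contributor":   {"level_1", "edit_posts"},
    "subscriber":    {"level_0", "read"},
    "customer":      {"read"},  # no user level assigned
}

LEVEL_RE = re.compile(r"^level_(\d+)$")


def user_level(caps):
    """Highest legacy level_N capability in a capability set, or None."""
    levels = []
    for cap in caps:
        m = LEVEL_RE.match(cap)
        if m:
            levels.append(int(m.group(1)))
    return max(levels) if levels else None


def role_caps(role_names):
    """Union of the capabilities granted by a list of role names."""
    caps = set()
    for role in role_names:
        caps |= ROLES.get(role, set())
    return caps


def vulnerable_can_assign(actor_roles, target_role):
    """Level-comparison check of the kind the advisory describes.

    Any role whose level is <= the actor's level passes, and a role with
    no level passes unconditionally: there is nothing to compare against,
    so the check fails open.
    """
    if target_role not in ROLES:
        return False
    actor_level = user_level(role_caps(actor_roles)) or 0
    target_level = user_level(ROLES[target_role])
    return target_level is None or target_level <= actor_level


def hardened_can_assign(actor_roles, target_role):
    """Capability-based check (this example's policy, not the plugin's fix).

    1. the actor must hold promote_users, the WordPress capability that
       gates changing another user's role;
    2. the target role must not outrank the actor;
    3. a role with no level cannot be ranked, so only a level-10 actor may
       grant it (fail closed instead of fail open).
    """
    if target_role not in ROLES:
        return False
    actor_caps = role_caps(actor_roles)
    if "promote_users" not in actor_caps:
        return False
    actor_level = user_level(actor_caps) or 0
    target_level = user_level(ROLES[target_role])
    if target_level is None:
        return actor_level >= 10
    return target_level <= actor_level


def handle_profile_update(actor_roles, post_body, check):
    """Apply a profile-update POST body; return the actor's resulting roles.

    The body is parsed the way PHP sees it: repeated aam_user_roles[] keys
    become one list. If any requested role fails `check`, the whole role
    change is rejected, so a privileged role cannot ride along with
    harmless profile fields or a permitted role.
    """
    params = parse_qs(post_body, keep_blank_values=True)
    requested = params.get("aam_user_roles[]", [])
    if not requested:
        return list(actor_roles)
    if all(check(actor_roles, role) for role in requested):
        return requested
    return list(actor_roles)


# Constructed request: a subscriber submits ordinary profile-update fields
# plus an aam_user_roles[] entry naming a role that has no user level.
SUBSCRIBER_BODY = (
    "action=update&user_id=7&nickname=bob&display_name=bob"
    "&email=bob%40example.test&aam_user_roles%5B%5D=customer"
)

if __name__ == "__main__":
    for check in (vulnerable_can_assign, hardened_can_assign):
        print(check.__name__, handle_profile_update(["subscriber"], SUBSCRIBER_BODY, check))
```

Run stand-alone, the vulnerable check moves the subscriber into the level-less `customer` role while the hardened check leaves them a subscriber; an editor can grant `author` under the level comparison (2 <= 7) but not under the capability check, because the editor never held `promote_users`. The point of the example is that a level comparison answers "is this role lower than mine?", not "am I allowed to change roles at all?", and the second question is the one the profile-update handler has to ask.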
Affects Plugins
References
Miscellaneous
Original Researcher
Ram Gall (Wordfence)
Verified
No
WPVDB ID
Timeline
Publicly Published
2020-08-20
Added
2020-08-20
Last Updated
2021-01-03