WordPress Plugin Vulnerabilities

Advanced Access Manager < 6.6.2 - Authenticated Information Disclosure

Description

The plugin’s aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all metadata about the user, potentially exposing users’ information to an attacker or low-privileged user. This included items like the user’s hashed password and their capabilities and roles, as well as any custom metadata that might have been added by other plugins. This might include sensitive configuration information, which an attacker could potentially use as part of an exploit chain.

Affects Plugins

Plugin icon
advanced-access-manager
Fixed in 6.6.2

References

CVE
CVE-2020-35934
URL
https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ram Gall (Wordfence)
Verified
No
WPVDB ID
8108a873-2b97-46fd-a269-2a259dd5b23e

Timeline

Publicly Published
2020-08-20 (about 5 years ago)
Added
2020-08-20 (about 5 years ago)
Last Updated
2021-01-02 (about 5 years ago)

Other

Published
Title
Published
2025-06-10
Title
WP-DownloadManager < 1.68.11 - Authenticated (Administrator+) Arbitrary File Read
Published
2025-12-31
Title
Direct Payments WP <= 1.3.0 - Authenticated (Subscriber+) Sensitive Information Exposure
Published
2025-09-22
Title
Quiz Maker < 6.7.0.66 - Unauthenticated Sensitive Information Exposure
Published
2021-08-23
Title
Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
Published
2025-01-13
Title
Event monster < 1.4.4 - Information Exposure Via Visitors List Export