Vulnerabilities

CVE-2020-35935

by Fred · 31/12/2020

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)

Date published : 2020-12-31

High-Severity Vulnerability Patched in Advanced Access Manager

Similar

Tags: Cybersecurity Alert