Vulnerabilities > Vasyltech

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2019-25213 Path Traversal vulnerability in Vasyltech Advanced Access Manager
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter.
network
low complexity
vasyltech CWE-22
7.5
2024-02-01 CVE-2023-51674 Unspecified vulnerability in Vasyltech Advanced Access Manager
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.
network
low complexity
vasyltech
5.4
2023-12-29 CVE-2023-51675 Unspecified vulnerability in Vasyltech Advanced Access Manager
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.
network
low complexity
vasyltech
5.4
2023-12-29 CVE-2023-50881 Unspecified vulnerability in Vasyltech Advanced Access Manager
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.15.
network
low complexity
vasyltech
5.4
2021-11-23 CVE-2021-24830 Unspecified vulnerability in Vasyltech Advanced Access Manager
The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
network
low complexity
vasyltech
4.8
2021-01-01 CVE-2020-35935 Unspecified vulnerability in Vasyltech Advanced Access Manager
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled.
network
low complexity
vasyltech
8.8
2021-01-01 CVE-2020-35934 Information Exposure vulnerability in Vasyltech Advanced Access Manager
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate).
network
low complexity
vasyltech CWE-200
4.3
2020-01-13 CVE-2014-6059 Unspecified vulnerability in Vasyltech Advanced Access Manager
WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability
network
low complexity
vasyltech
7.2