Critical severity9.8NVD Advisory· Published Oct 16, 2024· Updated Jun 17, 2026
CVE-2019-25213
CVE-2019-25213
Description
The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <=5.9.8.1
- vasyltech/Advanced Access Manager – Access Governance for WordPressv5Range: 0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.