VYPR
High severity7.5NVD Advisory· Published Jan 1, 2021· Updated Jun 17, 2026

CVE-2020-35935

CVE-2020-35935

Description

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.