High severity7.5NVD Advisory· Published Jan 1, 2021· Updated Jun 17, 2026
CVE-2020-35935
CVE-2020-35935
Description
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
Affected products
2- WordPress/Advanced Access Manager plugindescription
- Range: <6.6.2
Patches
Vulnerability mechanics
References
1- www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.