Advanced Access Manager

CVEs (10)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-42674	WordPress Advanced Access Manager	Hig	0.49	7.5	—	Jun 1, 2026	Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0.
CVE-2024-29127	Vasyltech Advanced Access Manager	Hig	0.46	7.1	0.00	Mar 19, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.
CVE-2023-51674	Vasyltech Advanced Access Manager	Med	0.42	6.5	0.00	Feb 1, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted…
CVE-2023-50881	Vasyltech Advanced Access Manager	Med	0.42	6.5	0.00	Dec 29, 2023	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted…
CVE-2024-29124	WordPress Advanced Access Manager	Med	0.38	5.9	0.00	Mar 19, 2024	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.
CVE-2023-51675	Vasyltech Advanced Access Manager	Med	0.31	4.7	0.00	Dec 29, 2023	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from…
CVE-2021-24830	WordPress Advanced Access Manager		0.00	—	0.00	Nov 23, 2021	The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2020-35935	WordPress Advanced Access Manager		0.00	—	0.00	Jan 1, 2021	The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various…
CVE-2020-35934	WordPress Advanced Access Manager		0.00	—	0.00	Jan 1, 2021	The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not…
CVE-2014-6059	WordPress Advanced Access Manager		0.00	—	0.01	Jan 13, 2020	WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability

CVE-2026-42674HigJun 1, 2026
WordPress
Advanced Access Manager
risk 0.49cvss 7.5epss —
Authentication Bypass by Spoofing vulnerability in AAM Plugin Advanced Access Manager allows URL Encoding. This issue affects Advanced Access Manager: from n/a through 7.1.0.
CVE-2024-29127HigMar 19, 2024
Vasyltech
Advanced Access Manager
risk 0.46cvss 7.1epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.
CVE-2023-51674MedFeb 1, 2024
Vasyltech
Advanced Access Manager
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted…
CVE-2023-50881MedDec 29, 2023
Vasyltech
Advanced Access Manager
risk 0.42cvss 6.5epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS.This issue affects Advanced Access Manager – Restricted…
CVE-2024-29124MedMar 19, 2024
WordPress
Advanced Access Manager
risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS.This issue affects Advanced Access Manager: from n/a through 6.9.20.
CVE-2023-51675MedDec 29, 2023
Vasyltech
Advanced Access Manager
risk 0.31cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More: from…
CVE-2021-24830Nov 23, 2021
WordPress
Advanced Access Manager
risk 0.00cvss —epss 0.00
The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2020-35935Jan 1, 2021
WordPress
Advanced Access Manager
risk 0.00cvss —epss 0.00
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various…
CVE-2020-35934Jan 1, 2021
WordPress
Advanced Access Manager
risk 0.00cvss —epss 0.00
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object (including all metadata) upon login via the REST API (aam/v1/authenticate or aam/v2/authenticate). This is a security problem if this object stores information that the user is not…
CVE-2014-6059Jan 13, 2020
WordPress
Advanced Access Manager
risk 0.00cvss —epss 0.01
WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability