CVE-2020-35935

7.5HIGH

Key Information:

Vendor: Wordpress
Status: Advanced Access Manager
Vendor: CVE Published:; 1 January 2021

Summary

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)

References

https://www.wordfence.com/blog/2020/08/high-severity-vuln...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 1, 2021
Vulnerability Reserved
Jan 1, 2021