Описание
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.6.2 (исключая)
cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 58%
0.00373
Низкий
7.5 High
CVSS3
8.8 High
CVSS3
6 Medium
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
EPSS
Процентиль: 58%
0.00373
Низкий
7.5 High
CVSS3
8.8 High
CVSS3
6 Medium
CVSS2
Дефекты
NVD-CWE-noinfo