ThreatPress

WordPress Vulnerabilities Database

WordPress Advanced Access Manager plugin <= 5.9.8.1 - Arbitrary File Access/Download vulnerability

Product
Advanced Access Manager
Description
Arbitrary File Access/Download vulnerability found by Ov3rfly in the WordPress Advanced Access Manager plugin (versions <= 5.9.8.1).
Solution
Update the WordPress Advanced Access Manager plugin to the latest available version (at least 5.9.9).
Classification
Type BYPASS
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 5.9.8.1
Fixed In 5.9.9
Disclosure date
2019-09-09
Credits
Props to Ov3rfly
Submitter
ThreatPress