Security Advisory

CVE-2020-35935

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-01 01:25:14

Last updated 2024-08-04 17:16:13

Assigner mitre

State PUBLISHED

Description

The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)

← Browse all CVEs View on cve.org ↗