Skip to main content

Advanced Access Manager

6 CVEs product

Monthly

CVE-2026-42674 HIGH This Week

Authentication bypass in the Advanced Access Manager (AAM) WordPress plugin through version 7.1.0 allows remote unauthenticated attackers to circumvent access controls via URL encoding manipulation, achieving high integrity impact on protected resources. The flaw is reported by Patchstack and tracked under CWE-290 (Authentication Bypass by Spoofing). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Advanced Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-29127 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS.9.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-51674 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51675 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More.9.18. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Advanced Access Manager
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-50881 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2021-24830 MEDIUM POC PATCH This Month

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Access Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
EPSS 0% CVSS 7.5
HIGH This Week

Authentication bypass in the Advanced Access Manager (AAM) WordPress plugin through version 7.1.0 allows remote unauthenticated attackers to circumvent access controls via URL encoding manipulation, achieving high integrity impact on protected resources. The flaw is reported by Patchstack and tracked under CWE-290 (Authentication Bypass by Spoofing). No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Advanced Access Manager
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS.9.20. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More.9.18. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Advanced Access Manager
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Access Manager
NVD
EPSS 1% CVSS 4.8
MEDIUM POC PATCH This Month

The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Advanced Access Manager
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy