[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"all-banners":3,"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0":4,"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU":11,"vulnerability-10110":17,"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU":47},[],["Island",5],{"key":6,"params":7,"result":9},"SkipToContent_34xgpJIRRkpiT6ls6jE4NHf7VpvQCQBEwi69exi4oT0",{"props":8},"{}",{"head":10},{},["Island",12],{"key":13,"params":14,"result":15},"FooterNav_JsYsxvLufb1W12aeknKZ89on0MD0bNDTiB5EYxyxmU",{"props":8},{"head":16},{},{"id":18,"detectable_with":19,"vuln_details":26,"vuln_id":44,"name":45,"published":46,"updated":27},10110,{"tool":20,"engine":23},{"id":21,"name":22},1,"Network Scanner",{"id":24,"name":25},3,"OpenVAS",{"id":18,"codename":27,"description":27,"severity":28,"risk_description":29,"public_description":30,"public_recommendation":31,"recommendation":27,"references":32,"cvssv3":36,"epss_score":37,"epss_percentile":38,"cve":39,"in_cisa_catalog":42,"date":43,"software_type":27,"vendor":27,"product":27,"ptt_exploit_capabilities":27},null,"high","If the Multiple Roles Support setting is enabled, the plugin is vulnerable to authenticated authorization bypass and, in some cases, privilege escalation. Low-privileged users could assign themselves or switch to any role with an equal or lesser user level, or any role that did not have an assigned user level. This could be done by sending a POST request to wp-admin/profile.php with typical profile update parameters and appending an aam_user_roles[] parameter set to the role they would like to use. The reason this worked is that the AAM_Backend_Manager::profileUpdate method that actually assigns these roles is triggered by the profile_update and user_register actions, and failed to use a standard capability check. The plugins aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all metadata about the user, potentially exposing users information to an attacker or low-privileged user. This included items like the users hashed password and their capabilities and roles, as well as any custom metadata that might have been added by other plugins. This might include sensitive configuration information, which an attacker could potentially use as part of an exploit chain. Low-privileged attackers could potentially switch to a role that allowed them to either directly take over a site or could be used as part of an exploit chain, depending on which roles were configured. Furthermore attackers that are able to assign themselves a custom role using the vulnerability could view which capabilities were assigned to them, allowing them to plan the next phase of their attack.","The WordPress plugin Advanced Access Manager is prone to multiple vulnerabilities.","Update to version 6.6.2 or later.",[33,34,35],"https://www.wordfence.com/blog/2020/08/high-severity-vulnerability-patched-in-advanced-access-manager/","https://wpscan.com/vulnerability/8108a873-2b97-46fd-a269-2a259dd5b23e","https://wpscan.com/vulnerability/235844c1-e3f6-4f42-a8cf-f9a661873656",8.8,0.00373,0.58976,[40,41],"CVE-2020-35934","CVE-2020-35935",false,"2021-01-01T00:00:00Z","NETSCAN-OPENVAS-1.3.6.1.4.1.25623.1.0.112815","WordPress Advanced Access Manager Plugin \u003C 6.6.2 Multiple Vulnerabilities","2020-08-20T00:00:00Z",["Island",48],{"key":49,"params":50,"result":52},"FooterSocial_u16tCafBUeGMoDrdLfTINytP2JB5msc6iB3VDUutAoU",{"props":51},"{\"text-color\":\"gray\"}",{"head":53},{}]