Description
WordPress Plugin Advanced Access Manager is prone to multiple vulnerabilities, including privilege escalation and information disclosure vulnerabilities. An attacker may leverage these issues to bypass the expected capabilities check and perform otherwise restricted actions, or to obtain sensitive information that may help in launching further attacks. WordPress Plugin Advanced Access Manager version 6.6.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 6.6.2 or latest
References
Related Vulnerabilities
WordPress Plugin WP Statistics SQL Injection (12.6.6.1)
WordPress Plugin JS Job Manager Unspecified Vulnerability (1.0.9)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-4298)
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)