Researchers discovered two vulnerabilities in Advanced Access Manager WordPress plugin. The plugin has more than 100,000 installations. One of the vulnerabilities is severe and could lead to privilege escalation and site takeover.
The Wordfence Threat Intelligence team discovered the vulnerabilities. They got in touch with the plugin’s authors and promptly received a response. As a result, a patch was released shortly after the disclosure. Users of the plugin should install version 6.6.2 to avoid any issues.
Advanced Access Manager Vulnerabilities
The more severe vulnerability leads to authenticated Authorization Bypass and Privilege Escalation, with a CVSS score of 7.5.
Advanced Access Manager enables fine-grained access control and can assign multiple roles to a single user. If the “Multiple Roles Support” setting is active, the plugin is prone to authenticated authorization bypass. Privilege escalation is another attack scenario.
The second vulnerability could lead to authenticated information disclosure. Its severity score is 4.3 (medium).
Advanced Access Manager also allows users to login via the WordPress REST API. The plugin’s aam/v1/authenticate and aam/v2/authenticate REST endpoints were set to respond to a successful login with a json-encoded copy of all user metadata. This exposed users’ information to an attacker or low-privileged user. Exposed items include the user’s hashed password and permissions and roles. Any custom metadata that might have been added by other plugins could also be revealed.
Wordfence recommends updating to the latest version of the Advanced Access Manager plugin, version 6.6.2.
This month, the same researchers unveiled two security flaws in another plugin – Quiz and Survey Master (QSM).
The flaws, rated as critical, could lead to remote code execution attacks. In these attacks, hackers upload arbitrary files or delete files such as wp-config.php from the targeted site. These actions could lead to taking affected pages offline or taking control over them.
Follow HowToHosting.Guide for more WordPress security news.