5 CVEs

AAM Vulnerabilities

CVE security advisories and vulnerability history for AAM.

5

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

0

Public exploits

With known exploit

6.1

Avg CVSS

2023–2024

Overview

AAM has 5 published CVE records since 2023, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 0 have a known public exploit. The average CVSS base score across scored CVEs is 6.1.

This page aggregates every publicly disclosed vulnerability (CVE) affecting AAM products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of AAM's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical0

High1

Medium4

Low0

In CISA’s Known Exploited Vulnerabilities catalog

0

None of AAM's CVEs are currently listed in CISA's KEV catalog.

Public exploits

0

No AAM CVEs currently have a tracked public exploit.

Most affected products

The AAM products with the most published CVEs.

advanced access manager5 CVEs
Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More3 CVEs

Common weakness types

The CWE weakness categories most often found in AAM CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish AAM CVE records.

Patchstack5 CVEs

Disclosure activity by year

How many AAM CVEs were published each year.

2023

2

2024

3

Latest AAM CVEs

The most recently disclosed vulnerabilities affecting AAM.

WordPress Advanced Access Manager plugin <= 6.9.20 - Cross Site Scripting (XSS) vulnerability
CWE-79
Medium · CVSS 5.9
EPSS 0.1%2024-03-19
WordPress Advanced Access Manager plugin <= 6.9.20 - Reflected Cross Site Scripting (XSS) vulnerability
CWE-79
High · CVSS 7.1
EPSS 0.1%2024-03-19
WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Cross Site Scripting (XSS)
CWE-79
Medium · CVSS 6.5
EPSS 0.1%2024-02-01
WordPress Advanced Access Manager Plugin <= 6.9.18 is vulnerable to Open Redirection
CWE-601
Medium · CVSS 4.7
EPSS 0.2%2023-12-29
WordPress Advanced Access Manager Plugin <= 6.9.15 is vulnerable to Cross Site Scripting (XSS)
CWE-79
Medium · CVSS 6.5
EPSS 0.2%2023-12-29

Track new AAM CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor AAM CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about AAM vulnerabilities.

How many CVEs does AAM have?

AAM has 5 published CVE records since 2023, including 0 in the last two years.

How many AAM CVEs are in CISA KEV?

None of AAM's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which AAM products have the most CVEs?

The AAM products with the most published CVEs are advanced access manager, Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More.

What are the most common weakness types in AAM CVEs?

AAM's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-601 (URL Redirection to Untrusted Site ('Open Redirect')).

Are there public exploits for AAM vulnerabilities?

No AAM CVEs currently have a tracked public exploit in this dataset.

What is the average severity of AAM CVEs?

The average CVSS base score across AAM's scored CVEs is 6.1.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track AAM vulnerabilities

Monitor new AAM vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing