The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php

Microsoft Security Intelligence - Global Threat Activity


Learn about the world's most prevalent cyberthreats, including viruses and malware. Understand how they arrive, their detailed behaviors, infection symptoms, and how to prevent and remove them.

Listed: