CVE-2019-25213 — CRITICAL (9.8)

Q: How severe is CVE-2019-25213?

CVE-2019-25213 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2019-25213?

Check the references section above for vendor advisories and patch information. Affected products include: Vasyltech Advanced Access Manager.

Vulnerability Description

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vasyltech	Advanced Access Manager	<= 5.9.8.1

Related Weaknesses (CWE)

CWE-22

References

FAQ

What is CVE-2019-25213?

CVE-2019-25213 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read in versions up to, and including, 5.9.8.1 due to insufficient validation on the aam-media paramete...

How severe is CVE-2019-25213?

CVE-2019-25213 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-25213?

Check the references section above for vendor advisories and patch information. Affected products include: Vasyltech Advanced Access Manager.