WordPress Advanced Access Manager Plugin Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in the WordPress Advanced Access Manager plugin, in versions through 7.1.0. URL encoding can be used to bypass the plugin's authentication mechanisms.

Impact

Exploiting this vulnerability could allow unauthorized users to bypass authentication, potentially leading to unauthorized access or actions within the application.

Remediation

Users of the WordPress Advanced Access Manager plugin should update to version 7.1.1 or later. Patchstack users can enable auto-updates for vulnerable plugins.
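
To find installations that still need the update, the following added example (not part of the advisory or the plugin's code) reads the plugin's Version header from disk and flags anything below 7.1.1. It assumes the default wp-content/plugins layout and the directory name advanced-access-manager; the sample tree and its aam.php file name are constructed for the demo.

```python
import re
import sys
import tempfile
from pathlib import Path

FIXED = (7, 1, 1)                     # first fixed release named in the advisory
SLUG = "advanced-access-manager"      # assumption: plugin directory name
VERSION_RE = re.compile(rb"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

def parse_version(text):
    """'7.1.0' -> (7, 1, 0); pads short versions, drops any '-suffix'."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def installed_version(plugin_dir):
    """Read the Version header from the first 8 KiB of the plugin's main file."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        head = php.read_bytes()[:8192]
        match = VERSION_RE.search(head) if b"Plugin Name:" in head else None
        if match:
            return match.group(1).decode("ascii", "replace")
    return None

def audit(wp_root):
    """Return (status, version) for the plugin below wp_root."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / SLUG
    if not plugin_dir.is_dir():
        return ("not-installed", None)
    version = installed_version(plugin_dir)
    if version is None:
        return ("unknown", None)
    status = "vulnerable" if parse_version(version) < FIXED else "patched"
    return (status, version)

def make_sample_site(root, version):
    """Build a constructed plugin tree for the demo; file name is made up."""
    plugin_dir = Path(root) / "wp-content" / "plugins" / SLUG
    plugin_dir.mkdir(parents=True)
    header = f"<?php\n/**\n * Plugin Name: Advanced Access Manager\n * Version: {version}\n */\n"
    (plugin_dir / "aam.php").write_text(header)
    return root

if __name__ == "__main__":
    if len(sys.argv) > 1:             # audit real WordPress roots given as arguments
        for root in sys.argv[1:]:
            print(root, *audit(root))
    else:                             # offline demo on constructed trees
        with tempfile.TemporaryDirectory() as tmp:
            for v in ("7.1.0", "7.1.1"):
                print(v, audit(make_sample_site(Path(tmp) / v, v)))
```

A result of "unknown" means the plugin directory exists but no Version header could be read, so that site needs a manual check.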

Added: Jun 1, 2026, 5:41 PM
Updated: Jun 1, 2026, 5:41 PM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 5.0
exploitability: 7.6
remediation: 7.7
relevance: 9.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.