Report
The Advanced Access Manager plugin before 6.6.2 for WordPress allows privilege escalation on profile updates via the aam_user_roles POST parameter if Multiple Role support is enabled. (The mechanism for deciding whether a user was entitled to add a role did not work in various custom-role scenarios.)
Score:7.5
Severity:High
Version: 6.6.1
There is a patch available in v6.6.2 and we strongly recommend you update to this version as soon as possible.
