Ov3Rfly

**Name of the Vulnerable Software and Affected Versions** Advanced Access Manager plugin for WordPress versions up to, and including, 5.9.8.1 Wordfence (affected versions not specified) **Description** The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read due to insufficient validation on the `aam-media` parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as `wp-config.php`. A critical vulnerability in Wordfence affects multiple versions, but the exact nature of this vulnerability is not specified in the provided information. **Recommendations** For Advanced Access Manager plugin for WordPress versions up to, and including, 5.9.8.1: Update to a version later than 5.9.8.1 to resolve the Unauthenticated Arbitrary File Read vulnerability. For Wordfence: Update to the latest version and apply all recommended patches to ensure the site is secure. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Wordfence.