PT-2024-10744 · WordPress+1 · Aam Advanced Access Manager+1

Ov3Rfly · Published 2024-10-15 · Updated 2024-10-30 · CVE-2019-25213

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Advanced Access Manager plugin for WordPress versions up to, and including, 5.9.8.1
Wordfence (affected versions not specified)

Description

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Read due to insufficient validation on the aam-media parameter. This allows unauthenticated attackers to read any file on the server, including sensitive files such as wp-config.php. A critical vulnerability in Wordfence affects multiple versions, but the exact nature of this vulnerability is not specified in the provided information.

Recommendations

For Advanced Access Manager plugin for WordPress versions up to, and including, 5.9.8.1: Update to a version later than 5.9.8.1 to resolve the Unauthenticated Arbitrary File Read vulnerability.

For Wordfence: Update to the latest version and apply all recommended patches to ensure the site is secure. At the moment, there is no information about a newer version that contains a fix for this vulnerability in Wordfence.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-25213

Affected Products

Aam Advanced Access Manager
Wordfence