HIGH
AAM Plugin
CVE published 2026-06-01
CVE-2026-42674
CVE-2026-42674 is an authentication bypass by spoofing vulnerability in the Advanced Access Manager (AAM) WordPress plugin, affecting versions up to and including 7.1.0. The vulnerability allows URL encoding-based bypass of authentication controls, with a CVSS 3.1 score of 7.5 (HIGH severity). The issue was published in the NVD on June 1, 2026, with a deferred vulnerability status. The underlying weakness [truncated]