CWE-266
Incorrect Privilege Assignment
BaseDraft
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (462)
page 2 of 24| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-27983 | Cri | 0.64 | 9.8 | 0.00 | Mar 5, 2026 | Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4. | |
| CVE-2025-68869 | Cri | 0.64 | 9.8 | 0.00 | Jan 22, 2026 | Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37. | |
| CVE-2026-23550 | Cri | 0.64 | 9.8 | 0.05 | Jan 14, 2026 | Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1. | |
| CVE-2019-25249 | Cri | 0.64 | 9.8 | 0.00 | Dec 24, 2025 | devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters. | |
| CVE-2025-64188 | Cri | 0.64 | 9.8 | 0.00 | Dec 18, 2025 | Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9. | |
| CVE-2025-6325 | Cri | 0.64 | 9.8 | 0.00 | Nov 6, 2025 | Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36. | |
| CVE-2025-60243 | Cri | 0.64 | 9.8 | 0.00 | Nov 6, 2025 | Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46. | |
| CVE-2025-60195 | Cri | 0.64 | 9.8 | 0.00 | Nov 6, 2025 | Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.1. | |
| CVE-2025-60220 | Cri | 0.64 | 9.8 | 0.00 | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0. | |
| CVE-2025-49401 | Cri | 0.64 | 9.8 | 0.00 | Sep 5, 2025 | Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. | |
| CVE-2024-32444 | Cri | 0.64 | 9.8 | 0.00 | Sep 3, 2025 | Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6. | |
| CVE-2025-49388 | Cri | 0.64 | 9.8 | 0.00 | Aug 28, 2025 | Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7. | |
| CVE-2025-54049 | Cri | 0.64 | 9.9 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2. | |
| CVE-2025-53580 | Cri | 0.64 | 9.8 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. | |
| CVE-2025-49422 | Cri | 0.64 | 9.8 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. | |
| CVE-2025-52836 | Cri | 0.64 | 9.8 | 0.00 | Jul 16, 2025 | Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. | |
| CVE-2025-49867 | Cri | 0.64 | 9.8 | 0.00 | Jul 4, 2025 | Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0. | |
| CVE-2025-23970 | Cri | 0.64 | 9.8 | 0.00 | Jul 4, 2025 | Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through <= 6.1. | |
| CVE-2025-48129 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2025 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through <= 2.4.37. | |
| CVE-2025-39489 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2025 | Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0. |