VYPR

CWE-266

Incorrect Privilege Assignment

BaseDraft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 2 of 30
  • CVE-2026-22337CriApr 27, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.

  • CVE-2026-33519CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.

  • CVE-2026-33518CriApr 21, 2026
    risk 0.64cvss 9.8epss 0.00

    An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected.

  • CVE-2026-32520CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue affects RewardsWP: from n/a through <= 1.0.4.

  • CVE-2026-27051CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.

  • CVE-2026-24971CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.

  • CVE-2026-24968CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO: from n/a through <= 7.1.0.30.

  • CVE-2026-27542CriMar 19, 2026
    risk 0.64cvss 9.8epss 0.01

    Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture allows Privilege Escalation.This issue affects Woocommerce Wholesale Lead Capture: from n/a through <= 2.0.3.1.

  • CVE-2026-27983CriMar 5, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through <= 1.0.4.

  • CVE-2025-68869CriJan 22, 2026
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37.

  • CVE-2026-23550CriJan 14, 2026
    risk 0.64cvss 9.8epss 0.21

    Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.

  • CVE-2019-25249CriDec 24, 2025
    risk 0.64cvss 9.8epss 0.00

    devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password…

  • CVE-2025-64188CriDec 18, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.

  • CVE-2025-6325CriNov 6, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.This issue affects King Addons for Elementor: from n/a through <= 51.1.36.

  • CVE-2025-60243CriNov 6, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.This issue affects Selling Commander for WooCommerce: from n/a through <= 1.2.46.

  • CVE-2025-60195CriNov 6, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.1.

  • CVE-2025-60220CriOct 22, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in pebas CouponXxL couponxxl allows Privilege Escalation.This issue affects CouponXxL: from n/a through <= 3.0.0.

  • CVE-2025-49401CriSep 5, 2025
    risk 0.64cvss 9.8epss 0.00

    Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0.

  • CVE-2024-32444CriSep 3, 2025
    risk 0.64cvss 9.8epss 0.01

    Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.

  • CVE-2025-49388CriAug 28, 2025
    risk 0.64cvss 9.8epss 0.05

    Incorrect Privilege Assignment vulnerability in kamleshyadav Miraculous Core Plugin miraculouscore allows Privilege Escalation.This issue affects Miraculous Core Plugin: from n/a through <= 2.0.7.