VYPR

CWE-266

Incorrect Privilege Assignment

Base · Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

page 3 of 30
  • CVE-2025-54049 · Cri · Aug 20, 2025
    risk 0.64 · cvss 9.9 · epss 0.00

    Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP: from n/a through <= 4.2.2.

  • CVE-2025-53580 · Cri · Aug 20, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.

  • CVE-2025-49422 · Cri · Aug 20, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation. This issue affects Support Ticket: from n/a through <= 1.9.

  • CVE-2025-52836 · Cri · Jul 16, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.

  • CVE-2025-49867 · Cri · Jul 4, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.4.0.

  • CVE-2025-23970 · Cri · Jul 4, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through <= 6.1.

  • CVE-2025-48129 · Cri · Jun 9, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for…

  • CVE-2025-39489 · Cri · May 23, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through <= 4.5.0.

  • CVE-2025-31918 · Cri · May 23, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.

  • CVE-2025-32980 · Cri · Apr 25, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.

  • CVE-2025-2470 · Cri · Apr 25, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the…

  • CVE-2025-32648 · Cri · Apr 17, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation. This issue affects Projectopia: from n/a through <= 5.1.24.

  • CVE-2025-32491 · Cri · Apr 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation. This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4.

  • CVE-2025-32695 · Cri · Apr 9, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.

  • CVE-2024-51800 · Cri · Apr 4, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation. This issue affects Homey: from n/a through 2.4.1.

  • CVE-2025-2345 · Cri · Mar 16, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early…

  • CVE-2024-56000 · Cri · Feb 18, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation. This issue affects K Elements: from n/a through < 5.4.0.

  • CVE-2024-12213 · Cri · Feb 12, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an…

  • CVE-2024-51888 · Cri · Jan 21, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through <= 2.4.0.

  • CVE-2024-32555 · Cri · Jan 21, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through <= 2.2.9.