CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
page 3 of 30| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54049 | Cri | 0.64 | 9.9 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2. | ||
| CVE-2025-53580 | Cri | 0.64 | 9.8 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. | ||
| CVE-2025-49422 | Cri | 0.64 | 9.8 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9. | ||
| CVE-2025-52836 | Cri | 0.64 | 9.8 | 0.00 | Jul 16, 2025 | Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3. | ||
| CVE-2025-49867 | Cri | 0.64 | 9.8 | 0.00 | Jul 4, 2025 | Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0. | ||
| CVE-2025-23970 | Cri | 0.64 | 9.8 | 0.01 | Jul 4, 2025 | Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through <= 6.1. | ||
| CVE-2025-48129 | Cri | 0.64 | 9.8 | 0.00 | Jun 9, 2025 | Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for… | ||
| CVE-2025-39489 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2025 | Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0. | ||
| CVE-2025-31918 | Cri | 0.64 | 9.8 | 0.00 | May 23, 2025 | Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9. | ||
| CVE-2025-32980 | Cri | 0.64 | 9.8 | 0.00 | Apr 25, 2025 | NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration. | ||
| CVE-2025-2470 | Cri | 0.64 | 9.8 | 0.00 | Apr 25, 2025 | The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the… | ||
| CVE-2025-32648 | Cri | 0.64 | 9.8 | 0.00 | Apr 17, 2025 | Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation.This issue affects Projectopia: from n/a through <= 5.1.24. | ||
| CVE-2025-32491 | Cri | 0.64 | 9.8 | 0.01 | Apr 11, 2025 | Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4. | ||
| CVE-2025-32695 | Cri | 0.64 | 9.8 | 0.00 | Apr 9, 2025 | Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5. | ||
| CVE-2024-51800 | Cri | 0.64 | 9.8 | 0.00 | Apr 4, 2025 | Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1. | ||
| CVE-2025-2345 | Cri | 0.64 | 9.8 | 0.01 | Mar 16, 2025 | A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early… | ||
| CVE-2024-56000 | Cri | 0.64 | 9.8 | 0.01 | Feb 18, 2025 | Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0. | ||
| CVE-2024-12213 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2025 | The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an… | ||
| CVE-2024-51888 | Cri | 0.64 | 9.8 | 0.00 | Jan 21, 2025 | Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0. | ||
| CVE-2024-32555 | Cri | 0.64 | 9.8 | 0.01 | Jan 21, 2025 | Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9. |
- risk 0.64cvss 9.9epss 0.00
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through <= 4.2.2.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in themepassion Support Ticket support-ticket allows Privilege Escalation.This issue affects Support Ticket: from n/a through <= 1.9.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation.This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.4.0.
- risk 0.64cvss 9.8epss 0.01
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through <= 6.1.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation.This issue affects Spreadsheet Price Changer for…
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation.This issue affects CouponXL: from n/a through <= 4.5.0.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation.This issue affects Simple Business Directory Pro: from n/a through < 15.6.9.
- risk 0.64cvss 9.8epss 0.00
NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration.
- risk 0.64cvss 9.8epss 0.00
The Service Finder Bookings plugin for WordPress, used by the Service Finder - Directory and Job Board WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 5.1. This is due to a lack of restriction on user role in the…
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation.This issue affects Projectopia: from n/a through <= 5.1.24.
- risk 0.64cvss 9.8epss 0.01
Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO rankology-seo-all-in-one-seo-analytics allows Privilege Escalation.This issue affects Rankology SEO – On-site SEO: from n/a through <= 2.2.4.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation.This issue affects Checkout Mestres WP: from n/a through <= 8.7.5.
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.
- risk 0.64cvss 9.8epss 0.01
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early…
- risk 0.64cvss 9.8epss 0.01
Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0.
- risk 0.64cvss 9.8epss 0.01
The WP Job Board Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to 2.3.16. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an…
- risk 0.64cvss 9.8epss 0.00
Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation.This issue affects Homey Login Register: from n/a through <= 2.4.0.
- risk 0.64cvss 9.8epss 0.01
Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9.