CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
Page 4 of 30

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-12470 | | Critical | 0.64 | 9.8 | 0.01 | | Jan 7, 2025 | The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for… |
| CVE-2024-56043 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation. This issue affects WPLMS: from n/a through <= 1.9.9. |
| CVE-2024-56040 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation. This issue affects VibeBP: from n/a through <= 1.9.9.4.1. |
| CVE-2024-56205 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation. This issue affects AI Magic: from n/a through <= 1.0.4. |
| CVE-2024-56071 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation. This issue affects Simple Dashboard: from n/a through <= 2.0. |
| CVE-2024-56220 | | Critical | 0.64 | 9.8 | 0.00 | | Dec 31, 2024 | Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0. |
| CVE-2024-54383 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 18, 2024 | Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation. This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9. |
| CVE-2024-54229 | | Critical | 0.64 | 9.8 | 0.00 | | Dec 16, 2024 | Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through <= 2.0.02. |
| CVE-2024-54293 | | Critical | 0.64 | 9.8 | 0.01 | | Dec 13, 2024 | Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation. This issue affects CE21 Suite: from n/a through <= 2.2.0. |
| CVE-2024-52442 | | Critical | 0.64 | 9.8 | 0.00 | | Nov 20, 2024 | Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0. |
| CVE-2024-49322 | | Critical | 0.64 | 9.8 | 0.00 | | Oct 17, 2024 | Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through <= 1.0. |
| CVE-2024-49217 | | Critical | 0.64 | 9.8 | 0.00 | | Oct 17, 2024 | Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through <= 1.1. |
| CVE-2024-43153 | | Critical | 0.64 | 9.8 | 0.01 | | Aug 13, 2024 | Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice. This issue affects Woffice: from n/a through <= 5.4.10. |
| CVE-2024-37927 | | Critical | 0.64 | 9.8 | 0.00 | | Jul 12, 2024 | Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through <= 4.7.5. |
| CVE-2024-35700 | | Critical | 0.64 | 9.8 | 0.00 | | Jun 4, 2024 | Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.8. |
| CVE-2024-22145 | | High | 0.61 | 8.8 | 0.01 | | May 17, 2024 | Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8. |
| CVE-2026-32519 | | Critical | 0.59 | 9.0 | 0.00 | | Mar 25, 2026 | Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affects Bit SMTP: from n/a through <= 1.2.2. |
| CVE-2025-45006 | | Critical | 0.59 | 9.1 | 0.00 | | Jul 1, 2025 | Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks. |
| CVE-2026-48889 | | High | 0.57 | 8.8 | 0.00 | | Jun 15, 2026 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. |
| CVE-2026-39579 | | High | 0.57 | 8.8 | 0.00 | | Jun 15, 2026 | Contributor Privilege Escalation in B Blocks <= 2.0.31 versions. |