CWE-266

Incorrect Privilege Assignment

Base | Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

CVEs mapped to this weakness (593)

  • CVE-2024-12470 | Critical | Jan 7, 2025
    risk 0.64 | cvss 9.8 | epss 0.01

    The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for…

  • CVE-2024-56043 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation. This issue affects WPLMS: from n/a through <= 1.9.9.

  • CVE-2024-56040 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation. This issue affects VibeBP: from n/a through <= 1.9.9.4.1.

  • CVE-2024-56205 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation. This issue affects AI Magic: from n/a through <= 1.0.4.

  • CVE-2024-56071 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation. This issue affects Simple Dashboard: from n/a through <= 2.0.

  • CVE-2024-56220 | Critical | Dec 31, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation. This issue affects SSL Wireless SMS Notification: from n/a through <= 3.6.0.

  • CVE-2024-54383 | Critical | Dec 18, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation. This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.

  • CVE-2024-54229 | Critical | Dec 16, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation. This issue affects SV100 Companion: from n/a through <= 2.0.02.

  • CVE-2024-54293 | Critical | Dec 13, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation. This issue affects CE21 Suite: from n/a through <= 2.2.0.

  • CVE-2024-52442 | Critical | Nov 20, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0.

  • CVE-2024-49322 | Critical | Oct 17, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress jemployee allows Privilege Escalation. This issue affects Job Board Manager for WordPress: from n/a through <= 1.0.

  • CVE-2024-49217 | Critical | Oct 17, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in madiriaashish Adding drop down roles in registration user-drop-down-roles-in-registration allows Privilege Escalation. This issue affects Adding drop down roles in registration: from n/a through <= 1.1.

  • CVE-2024-43153 | Critical | Aug 13, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice. This issue affects Woffice: from n/a through <= 5.4.10.

  • CVE-2024-37927 | Critical | Jul 12, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in NooTheme Jobmonster noo-jobmonster allows Privilege Escalation. This issue affects Jobmonster: from n/a through <= 4.7.5.

  • CVE-2024-35700 | Critical | Jun 4, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro. This issue affects Userpro: from n/a through <= 5.1.8.

  • CVE-2024-22145 | High | May 17, 2024
    risk 0.61 | cvss 8.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect. This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.

  • CVE-2026-32519 | Critical | Mar 25, 2026
    risk 0.59 | cvss 9.0 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Bit Apps Bit SMTP bit-smtp allows Privilege Escalation. This issue affects Bit SMTP: from n/a through <= 1.2.2.

  • CVE-2025-45006 | Critical | Jul 1, 2025
    risk 0.59 | cvss 9.1 | epss 0.00

    Improper mstatus.SUM bit retention (non-zero) in Open-Source RISC-V Processor commit f517abb violates privileged spec constraints, enabling potential physical memory access attacks.

  • CVE-2026-48889 | High | Jun 15, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Subscriber Privilege Escalation in Amelia <= 2.3 versions.

  • CVE-2026-39579 | High | Jun 15, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.