CWE-266
Incorrect Privilege Assignment
Abstraction: Base, Status: Draft
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CVEs mapped to this weakness (462)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-69182 | High | 0.57 | 8.8 | 0.00 | | Jan 22, 2026 | Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation. This issue affects Institutions Directory: from n/a through <= 1.3.4. |
| CVE-2025-67966 | High | 0.57 | 8.8 | 0.00 | | Jan 22, 2026 | Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation. This issue affects Lawyer Directory: from n/a through <= 1.3.3. |
| CVE-2025-50007 | High | 0.57 | 8.8 | 0.00 | | Jan 22, 2026 | Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation. This issue affects xSmart: from n/a through <= 1.2.9.4. |
| CVE-2025-31643 | High | 0.57 | 8.8 | 0.00 | | Jan 7, 2026 | Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation. This issue affects WPCHURCH: from n/a through 2.7.0. |
| CVE-2025-29004 | High | 0.57 | 8.8 | 0.00 | | Jan 6, 2026 | Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation. This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. |
| CVE-2025-59134 | High | 0.57 | 8.8 | 0.00 | | Dec 18, 2025 | Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation. This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through <= 1.5.8. |
| CVE-2025-58710 | High | 0.57 | 8.8 | 0.00 | | Dec 18, 2025 | Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation. This issue affects Hotel Listing: from n/a through <= 1.4.0. |
| CVE-2025-45311 | High | 0.57 | 8.8 | 0.00 | | Nov 26, 2025 | Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is behaving in accordance with its intended privilege model. |
| CVE-2025-62034 | High | 0.57 | 8.8 | 0.00 | | Nov 6, 2025 | Incorrect Privilege Assignment vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4. |
| CVE-2025-49900 | High | 0.57 | 8.8 | 0.00 | | Nov 6, 2025 | Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation. This issue affects Advanced scrollbar: from n/a through <= 1.1.8. |
| CVE-2025-62007 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation. This issue affects Voice Feedback: from n/a through <= 1.0.3. |
| CVE-2025-60222 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in FantasticPlugins SUMO Memberships for WooCommerce sumomemberships allows Privilege Escalation. This issue affects SUMO Memberships for WooCommerce: from n/a through <= 7.8.0. |
| CVE-2025-60211 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in extendons WooCommerce Registration Fields Plugin - Custom Signup Fields extendons-registration-fields allows Privilege Escalation. This issue affects WooCommerce Registration Fields Plugin - Custom Signup Fields: from n/a through <= 3.2.3. |
| CVE-2025-59580 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation. This issue affects Goodlayers Core: from n/a through < 2.1.7. |
| CVE-2025-53428 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in N-Media Simple User Registration wp-registration allows Privilege Escalation. This issue affects Simple User Registration: from n/a through <= 6.8. |
| CVE-2025-48082 | High | 0.57 | 8.8 | 0.00 | | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation. This issue affects Progress Planner: from n/a through <= 1.8.0. |
| CVE-2025-10725 | Critical | 0.57 | 9.9 | 0.00 | | Sep 30, 2025 | A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it. |
| CVE-2025-54735 | High | 0.57 | 8.8 | 0.00 | | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation. This issue affects CubeWP: from n/a through <= 1.1.24. |
| CVE-2025-48165 | High | 0.57 | 8.8 | 0.00 | | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in DELUCKS DELUCKS SEO delucks-seo allows Privilege Escalation. This issue affects DELUCKS SEO: from n/a through <= 2.6.0. |
| CVE-2025-48164 | High | 0.57 | 8.8 | 0.00 | | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in Brainstorm Force SureDash suredash allows Privilege Escalation. This issue affects SureDash: from n/a through <= 1.0.3. |