CWE-266
Incorrect Privilege Assignment
Abstraction: Base | Status: Draft
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (462)
Page 6 of 24

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48142 | Hig | 0.57 | 8.8 | 0.00 | Aug 20, 2025 | Incorrect Privilege Assignment vulnerability in Saad Iqbal Bookify bookify allows Privilege Escalation. This issue affects Bookify: from n/a through <= 1.0.9. |
| CVE-2025-47561 | Hig | 0.57 | 8.8 | 0.00 | Jun 9, 2025 | Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation. This issue affects MapSVG: from n/a through < 8.6.13. |
| CVE-2025-47631 | Hig | 0.57 | 8.8 | 0.00 | May 23, 2025 | Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11. |
| CVE-2025-39366 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2025 | Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0. |
| CVE-2025-39405 | Hig | 0.57 | 8.8 | 0.00 | May 19, 2025 | Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation. This issue affects WPAMS: from n/a through <= 44.0 (17-08-2023). |
| CVE-2025-39542 | Hig | 0.57 | 8.8 | 0.00 | Apr 17, 2025 | Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through <= 9.1.0. |
| CVE-2025-31524 | Hig | 0.57 | 8.8 | 0.00 | Apr 10, 2025 | Incorrect Privilege Assignment vulnerability in John James Jacoby WP User Profiles wp-users-profiles allows Privilege Escalation. This issue affects WP User Profiles: from n/a through <= 2.6.2. |
| CVE-2025-1653 | Hig | 0.57 | 8.8 | 0.00 | Mar 15, 2025 | The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. |
| CVE-2025-23528 | Hig | 0.57 | 8.8 | 0.00 | Jan 16, 2025 | Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation. This issue affects DD Roles: from n/a through <= 4.1. |
| CVE-2025-22736 | Hig | 0.57 | 8.8 | 0.00 | Jan 15, 2025 | Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation. This issue affects User Management: from n/a through <= 1.2. |
| CVE-2024-56280 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2025 | Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation. This issue affects WPGuppy: from n/a through <= 1.1.0. |
| CVE-2024-49644 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2025 | Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation. This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4. |
| CVE-2024-54365 | Hig | 0.57 | 8.8 | 0.00 | Dec 16, 2024 | Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation. This issue affects KH Easy User Settings: from n/a through <= 1.0.0. |
| CVE-2024-50506 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2024 | Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation. This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. |
| CVE-2024-50504 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2024 | Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation. This issue affects Bulk Change Role: from n/a through <= 1.1. |
| CVE-2024-50481 | Hig | 0.57 | 8.8 | 0.00 | Oct 29, 2024 | Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation. This issue affects Bstone Demo Importer: from n/a through <= 1.0.1. |
| CVE-2024-49608 | Hig | 0.57 | 8.8 | 0.00 | Oct 20, 2024 | Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation. This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. |
| CVE-2024-49219 | Hig | 0.57 | 8.8 | 0.00 | Oct 17, 2024 | Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation. This issue affects RS-Members: from n/a through <= 1.0.3. |
| CVE-2024-22303 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4. |
| CVE-2024-21743 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5. |