CWE-266
Incorrect Privilege Assignment
Description
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
CVEs mapped to this weakness (593)
page 7 of 30| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-22736 | Hig | 0.57 | 8.8 | 0.00 | Jan 15, 2025 | Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2. | ||
| CVE-2024-56280 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2025 | Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0. | ||
| CVE-2024-49644 | Hig | 0.57 | 8.8 | 0.00 | Jan 7, 2025 | Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4. | ||
| CVE-2024-54365 | Hig | 0.57 | 8.8 | 0.01 | Dec 16, 2024 | Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0. | ||
| CVE-2024-50506 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2024 | Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80. | ||
| CVE-2024-50504 | Hig | 0.57 | 8.8 | 0.00 | Oct 30, 2024 | Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1. | ||
| CVE-2024-50481 | Hig | 0.57 | 8.8 | 0.00 | Oct 29, 2024 | Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1. | ||
| CVE-2024-49608 | Hig | 0.57 | 8.8 | 0.00 | Oct 20, 2024 | Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0. | ||
| CVE-2024-49219 | Hig | 0.57 | 8.8 | 0.00 | Oct 17, 2024 | Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3. | ||
| CVE-2024-9863 | Cri | 0.57 | 9.8 | 0.01 | Oct 17, 2024 | The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated… | ||
| CVE-2024-22303 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4. | ||
| CVE-2024-21743 | Hig | 0.57 | 8.8 | 0.00 | Sep 17, 2024 | Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5. | ||
| CVE-2024-32959 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2. | ||
| CVE-2024-32507 | Hig | 0.57 | 8.8 | 0.00 | May 17, 2024 | Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16. | ||
| CVE-2023-38298 | Hig | 0.57 | 8.8 | 0.00 | Apr 22, 2024 | Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining… | ||
| CVE-2024-2409 | Cri | 0.57 | 9.8 | 0.01 | Mar 29, 2024 | The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes… | ||
| CVE-2023-6009 | Hig | 0.57 | 8.8 | 0.01 | Nov 22, 2023 | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a… | ||
| CVE-2023-4153 | Hig | 0.57 | 8.8 | 0.01 | Sep 13, 2023 | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal… | ||
| CVE-2025-52726 | Hig | 0.56 | 8.6 | 0.00 | Jun 27, 2025 | Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0. | ||
| CVE-2025-10577 | Hig | 0.55 | — | 0.00 | Oct 15, 2025 | Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities |
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4.
- risk 0.57cvss 8.8epss 0.01
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation.This issue affects Bstone Demo Importer: from n/a through <= 1.0.1.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation.This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation.This issue affects RS-Members: from n/a through <= 1.0.3.
- risk 0.57cvss 9.8epss 0.01
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated…
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
- risk 0.57cvss 8.8epss 0.00
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register.This issue affects Houzez Login Register: from n/a through 3.2.5.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16.
- risk 0.57cvss 8.8epss 0.00
Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining…
- risk 0.57cvss 9.8epss 0.01
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes…
- risk 0.57cvss 8.8epss 0.01
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a…
- risk 0.57cvss 8.8epss 0.01
The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal…
- risk 0.56cvss 8.6epss 0.00
Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation.This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.
- risk 0.55cvss —epss 0.00
Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities