VYPR

CWE-266

Incorrect Privilege Assignment

Base | Draft

Description

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVEs mapped to this weakness (593)

  • CVE-2025-22736 | High | Jan 15, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation. This issue affects User Management: from n/a through <= 1.2.

  • CVE-2024-56280 | High | Jan 7, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation. This issue affects WPGuppy: from n/a through <= 1.1.0.

  • CVE-2024-49644 | High | Jan 7, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation. This issue affects Accessibility by AllAccessible: from n/a through <= 1.3.4.

  • CVE-2024-54365 | High | Dec 16, 2024
    risk 0.57 | cvss 8.8 | epss 0.01

    Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation. This issue affects KH Easy User Settings: from n/a through <= 1.0.0.

  • CVE-2024-50506 | High | Oct 30, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation. This issue affects Marketing Automation by AZEXO: from n/a through <= 1.27.80.

  • CVE-2024-50504 | High | Oct 30, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation. This issue affects Bulk Change Role: from n/a through <= 1.1.

  • CVE-2024-50481 | High | Oct 29, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in stackthemes Bstone Demo Importer bstone-demo-importer allows Privilege Escalation. This issue affects Bstone Demo Importer: from n/a through <= 1.0.1.

  • CVE-2024-49608 | High | Oct 20, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in gerryworks GERRYWORKS Post by Mail gerryworks-post-by-mail allows Privilege Escalation. This issue affects GERRYWORKS Post by Mail: from n/a through <= 1.0.

  • CVE-2024-49219 | High | Oct 17, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in themexpo RS-Members rs-members allows Privilege Escalation. This issue affects RS-Members: from n/a through <= 1.0.3.

  • CVE-2024-9863 | Critical | Oct 17, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated…

  • CVE-2024-22303 | High | Sep 17, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4.

  • CVE-2024-21743 | High | Sep 17, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5.

  • CVE-2024-32959 | High | May 17, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv. This issue affects Sirv: from n/a through <= 7.2.2.

  • CVE-2024-32507 | High | May 17, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.7.16.

  • CVE-2023-38298 | High | Apr 22, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    Various software builds for the following TCL devices (30Z, A3X, 20XE, 10L) leak the device IMEI to a system property that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining…

  • CVE-2024-2409 | Critical | Mar 29, 2024
    risk 0.57 | cvss 9.8 | epss 0.01

    The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes…

  • CVE-2023-6009 | High | Nov 22, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a…

  • CVE-2023-4153 | High | Sep 13, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal…

  • CVE-2025-52726 | High | Jun 27, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    Incorrect Privilege Assignment vulnerability in pebas CouponXxL Custom Post Types couponxxl-cpt allows Privilege Escalation. This issue affects CouponXxL Custom Post Types: from n/a through <= 3.0.

  • CVE-2025-10577 | High | Oct 15, 2025
    risk 0.55 | cvss | epss 0.00

    Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is releasing updated audio packages to mitigate the potential vulnerabilities.