CWE-269
Improper Privilege Management
ClassDraftLikelihood: Medium
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-122 · CAPEC-233 · CAPEC-58
CVEs mapped to this weakness (420)
page 1 of 21| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5689 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 2, 2017 | An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT). |
| CVE-2016-0151 | Hig | 0.74 | 7.8 | 0.32 | KEV | Apr 12, 2016 | The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability." |
| CVE-2013-0643 | Hig | 0.74 | 8.8 | 0.59 | KEV | Feb 27, 2013 | The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013. |
| CVE-2014-1511 | Cri | 0.72 | 9.8 | 0.70 | Mar 19, 2014 | Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors. | |
| CVE-2014-1510 | Cri | 0.72 | 9.8 | 0.71 | Mar 19, 2014 | The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | |
| CVE-2025-8489 | Cri | 0.71 | 9.8 | 0.49 | Oct 31, 2025 | The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts. | |
| CVE-2024-6624 | Cri | 0.67 | 9.8 | 0.43 | Jul 11, 2024 | The JSON API User plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.9.3. This is due to improper controls on custom user meta fields. This makes it possible for unauthenticated attackers to register as administrators on the site. The plugin requires the JSON API plugin to also be installed. | |
| CVE-2026-1492 | Cri | 0.66 | 9.8 | 0.24 | Mar 3, 2026 | The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege management in all versions up to, and including, 5.1.2. This is due to the plugin accepting a user-supplied role during membership registration without properly enforcing a server-side allowlist. This makes it possible for unauthenticated attackers to create administrator accounts by supplying a role value during membership registration. | |
| CVE-2025-6934 | Cri | 0.66 | 9.8 | 0.28 | Jul 1, 2025 | The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering. | |
| CVE-2025-4334 | Cri | 0.66 | 9.8 | 0.34 | Jun 26, 2025 | The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can be supplied during registration. This makes it possible for unauthenticated attackers to register as an administrator. | |
| CVE-2002-0367 | Hig | 0.66 | 7.8 | 0.02 | KEV | Jun 25, 2002 | smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit. |
| CVE-2025-0505 | Cri | 0.65 | 10.0 | 0.00 | May 8, 2025 | On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected. | |
| CVE-2025-13618 | Cri | 0.64 | 9.8 | 0.00 | May 5, 2026 | The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to the plugin not properly restricting the roles that users can register with in the mentoring_process_registration() function. This makes it possible for unauthenticated attackers to register with administrator-level user accounts. | |
| CVE-2026-30269 | Cri | 0.64 | 9.9 | 0.00 | Apr 20, 2026 | Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privilege escalation to high-privileged roles. | |
| CVE-2026-4880 | Cri | 0.64 | 9.8 | 0.00 | Apr 16, 2026 | The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied Base64-encoded user ID in the token parameter to identify users, leaking valid authentication tokens through the 'barcodeScannerConfigs' action, and lacking meta-key restrictions on the 'setUserMeta' action. This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator by first spoofing the admin user ID to leak their authentication token, then using that token to update any user's 'wp_capabilities' meta to gain full administrative access. | |
| CVE-2025-70888 | Cri | 0.64 | 9.8 | 0.00 | Mar 25, 2026 | An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component | |
| CVE-2026-2631 | Cri | 0.64 | 9.8 | 0.00 | Mar 11, 2026 | The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST endpoint that allows any remote user to modify the option `datalogics_token` without verification. This token is subsequently used for authentication in a protected endpoint that allows users to perform arbitrary WordPress `update_option()` operations. Attackers can use this to enable registartion and to set the default role as Administrator. | |
| CVE-2025-12981 | Cri | 0.64 | 9.8 | 0.00 | Feb 27, 2026 | The Listee theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.6. This is due to a broken validation check in the bundled listee-core plugin's user registration function that fails to properly sanitize the user_role parameter. This makes it possible for unauthenticated attackers to register as Administrator by manipulating the user_role parameter during registration. | |
| CVE-2026-2782 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | |
| CVE-2026-2780 | Cri | 0.64 | 9.8 | 0.00 | Feb 24, 2026 | Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. |