VYPR

CWE-269

Improper Privilege Management

Class · Draft · Likelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 11 of 52
  • CVE-2025-47420 · High · May 6, 2025
    risk 0.57 · cvss · epss 0.00

    266 vulnerability in Crestron Automate VX allows Privilege Escalation. This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49.

  • CVE-2025-2238 · High · Apr 25, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    The Vikinger theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.30. This is due to insufficient user_meta restrictions in the 'vikinger_user_meta_update_ajax' function. This makes it possible for authenticated attackers, with…

  • CVE-2025-3101 · High · Apr 24, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated…

  • CVE-2025-28237 · High · Apr 18, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload.

  • CVE-2025-3105 · High · Apr 4, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the…

  • CVE-2025-24254 · High · Mar 31, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A user may be able to elevate privileges.

  • CVE-2024-13376 · High · Mar 14, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it…

  • CVE-2025-1295 · High · Feb 27, 2025
    risk 0.57 · cvss 8.8 · epss 0.00

    The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and…

  • CVE-2025-23093 · High · Feb 6, 2025
    risk 0.57 · cvss 8.8 · epss 0.01

    The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful…

  • CVE-2024-9636 · Critical · Jan 15, 2025
    risk 0.57 · cvss 9.8 · epss 0.01

    The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated…

  • CVE-2024-38499 · High · Dec 17, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a…

  • CVE-2024-9192 · High · Nov 16, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes…

  • CVE-2024-51734 · High · Nov 4, 2024
    risk 0.57 · cvss · epss 0.00

    Zope AccessControl provides a general security framework for use in Zope. In affected versions anonymous users can delete the user data maintained by an `AccessControl.userfolder.UserFolder` which may prevent any privileged access. This problem has been fixed in version 7.2.…

  • CVE-2024-45496 · Critical · Sep 17, 2024
    risk 0.57 · cvss 9.9 · epss 0.01

    A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to…

  • CVE-2024-7493 · Critical · Sep 6, 2024
    risk 0.57 · cvss 9.8 · epss 0.01

    The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers…

  • CVE-2024-21807 · High · Aug 14, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-39634 · High · Aug 1, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation. This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14.

  • CVE-2024-39633 · High · Aug 1, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation. This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0.

  • CVE-2024-6411 · High · Jul 10, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it…

  • CVE-2024-36586 · High · Jun 13, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.