VYPR

CWE-269

Improper Privilege Management

Class · Draft · Likelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 3 of 52
  • CVE-2025-13540 · Critical · Nov 27, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Tiare Membership plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. This is due to the 'tiare_membership_init_rest_api_register' function not restricting what user roles a user can register with. This makes it possible for…

  • CVE-2025-13538 · Critical · Nov 27, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The FindAll Listing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.5. This is due to the 'findall_listing_user_registration_additional_params' function not restricting what user roles a user can register with. This makes it…

  • CVE-2025-13559 · Critical · Nov 25, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The EduKart Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'edukart_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for…

  • CVE-2025-8900 · Critical · Nov 3, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_type' field. This makes it possible for…

  • CVE-2025-11533 · Critical · Oct 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to…

  • CVE-2025-6758 · Critical · Aug 19, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6. This is due to a lack of restriction in the registration role. This makes it…

  • CVE-2025-6994 · Critical · Aug 6, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This…

  • CVE-2025-5954 · Critical · Aug 1, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the…

  • CVE-2025-25962 · Critical · Apr 29, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function

  • CVE-2025-3278 · Critical · Apr 19, 2025
    risk 0.64 · cvss 9.8 · epss 0.01

    The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it…

  • CVE-2025-2237 · Critical · Apr 1, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to privilege escalation in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated…

  • CVE-2024-12281 · Critical · Mar 5, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated…

  • CVE-2024-11951 · Critical · Mar 5, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers…

  • CVE-2025-0180 · Critical · Feb 11, 2025
    risk 0.64 · cvss 9.8 · epss 0.00

    The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated…

  • CVE-2024-3057 · Critical · Oct 8, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

  • CVE-2024-34331 · Critical · Sep 23, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

  • CVE-2024-33872 · Critical · Aug 20, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

  • CVE-2024-43311 · Critical · Aug 19, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation. This issue affects Login As Users: from n/a through 1.4.2.

  • CVE-2024-43245 · Critical · Aug 19, 2024
    risk 0.64 · cvss 9.8 · epss 0.00

    Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation. This issue affects JobSearch: from n/a through 2.3.4.

  • CVE-2024-38770 · Critical · Aug 1, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.