CWE-269
Improper Privilege Management
Abstraction: Class
Status: Draft
Likelihood: Medium
Description
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-122 · CAPEC-233 · CAPEC-58
CVEs mapped to this weakness (567)
page 4 of 29

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7493 | Cri | 0.64 | 9.8 | 0.01 | | Sep 6, 2024 | The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration. |
| CVE-2024-33872 | Cri | 0.64 | 9.8 | 0.00 | | Aug 20, 2024 | Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. |
| CVE-2024-43311 | Cri | 0.64 | 9.8 | 0.00 | | Aug 19, 2024 | Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation. This issue affects Login As Users: from n/a through 1.4.2. |
| CVE-2024-43245 | Cri | 0.64 | 9.8 | 0.00 | | Aug 19, 2024 | Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation. This issue affects JobSearch: from n/a through 2.3.4. |
| CVE-2024-38770 | Cri | 0.64 | 9.8 | 0.00 | | Aug 1, 2024 | Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass. This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. |
| CVE-2024-33374 | Cri | 0.64 | 9.8 | 0.00 | | Jun 14, 2024 | Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication. |
| CVE-2024-33226 | Cri | 0.64 | 9.9 | 0.00 | | May 22, 2024 | An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. |
| CVE-2024-33567 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. |
| CVE-2024-32511 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6. |
| CVE-2024-31290 | Cri | 0.64 | 9.8 | 0.00 | | May 17, 2024 | Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1. |
| CVE-2024-22157 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15. |
| CVE-2023-51483 | Cri | 0.64 | 9.8 | 0.00 | | May 17, 2024 | Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1. |
| CVE-2023-51481 | Cri | 0.64 | 9.8 | 0.00 | | May 17, 2024 | Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. |
| CVE-2023-51476 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0. |
| CVE-2023-51424 | Cri | 0.64 | 9.8 | 0.00 | | May 17, 2024 | Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0. |
| CVE-2023-32244 | Cri | 0.64 | 9.8 | 0.00 | | May 17, 2024 | Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36. |
| CVE-2023-26540 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1. |
| CVE-2023-26009 | Cri | 0.64 | 9.8 | 0.01 | | May 17, 2024 | Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3. |
| CVE-2023-51425 | Cri | 0.64 | 9.8 | 0.00 | | Apr 24, 2024 | Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation. This issue affects Rencontre – Dating Site: from n/a through 3.10.1. |
| CVE-2024-29667 | Cri | 0.64 | 9.8 | 0.00 | | Mar 29, 2024 | SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. |