VYPR

CWE-269

Improper Privilege Management

Class · Draft · Likelihood: Medium

Description

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-122 · CAPEC-233 · CAPEC-58

CVEs mapped to this weakness (1,039)

page 4 of 52
  • CVE-2024-33374 · Critical · Jun 14, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

  • CVE-2024-33226 · Critical · May 22, 2024
    risk 0.64 · cvss 9.9 · epss 0.00

    An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

  • CVE-2024-33567 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.

  • CVE-2024-32511 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation. This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.

  • CVE-2024-31290 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation. This issue affects Demo My WordPress: from n/a through 1.0.9.1.

  • CVE-2024-22157 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15.

  • CVE-2023-51483 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation. This issue affects WP Frontend Profile: from n/a through 1.3.1.

  • CVE-2023-51481 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation. This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.

  • CVE-2023-51476 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation. This issue affects WP MLM Unilevel: from n/a through 4.0.

  • CVE-2023-51424 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0.

  • CVE-2023-32244 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36.

  • CVE-2023-26540 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.03

    Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1.

  • CVE-2023-26009 · Critical · May 17, 2024
    risk 0.64 · cvss 9.8 · epss 0.03

    Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation. This issue affects Houzez Login Register: from n/a through 2.6.3.

  • CVE-2023-51425 · Critical · Apr 24, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation. This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

  • CVE-2024-29667 · Critical · Mar 29, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.

  • CVE-2023-49232 · Critical · Mar 29, 2024
    risk 0.64 · cvss 9.8 · epss 0.02

    An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users.

  • CVE-2023-4662 · Critical · Sep 15, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9.

  • CVE-2023-4404 · Critical · Aug 23, 2023
    risk 0.64 · cvss 9.8 · epss 0.01

    The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user…

  • CVE-2018-0425 · Critical · Oct 5, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information.…

  • CVE-2018-9853 · Critical · Jul 10, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Insecure access control in freeSSHd version 1.3.1 allows attackers to obtain the privileges of the freesshd.exe process by leveraging the ability to login to an unprivileged account on the server.