CWE-266: Incorrect Privilege Assignment
All CWE-266 CVEs (414)
This vulnerability allows attackers to escalate privileges in the WordPress Institutions Directory plugin. Attackers could gain administrative access ...
Jan 22, 2026
This vulnerability allows attackers to escalate privileges in the Hospital Doctor Directory WordPress plugin, potentially gaining administrative acces...
Jan 22, 2026
This vulnerability allows attackers to escalate privileges in the Lawyer Directory WordPress plugin due to incorrect privilege assignment. Attackers c...
Jan 22, 2026
This vulnerability allows attackers to escalate privileges in the Jthemes xSmart WordPress theme due to incorrect privilege assignment. Attackers can ...
Jan 22, 2026
This vulnerability allows attackers to escalate privileges in Dasinfomedia WPCHURCH WordPress plugin, potentially gaining administrative access. It af...
Jan 7, 2026
This CVE describes an Incorrect Privilege Assignment vulnerability in two AA-Team WordPress plugins that allows attackers to escalate privileges. It a...
Jan 6, 2026
This CVE describes an incorrect privilege assignment vulnerability in the Jthemes Sale! Immigration law WordPress theme (immiex) that allows authentic...
Dec 18, 2025
A privilege escalation vulnerability in Grav's Admin plugin allows users with create-user permissions to overwrite administrator accounts by creating ...
Dec 1, 2025
This CVE describes a privilege escalation vulnerability in fail2ban-client v0.11.2 where users with limited sudo privileges can execute arbitrary comm...
Nov 26, 2025
This vulnerability allows low-privileged users in WBCE CMS to escalate their privileges to full administrative access by manipulating the groups[] par...
Nov 19, 2025
This vulnerability allows Kubernetes users with only namespace-level permissions to create a MonitorStack resource, which triggers the Observability O...
Nov 12, 2025
This CVE describes an incorrect privilege assignment vulnerability in the uxper Togo WordPress theme that allows privilege escalation. Attackers can g...
Nov 6, 2025
This vulnerability allows attackers to escalate privileges in the Advanced Scrollbar WordPress plugin. It affects WordPress sites using Advanced Scrol...
Nov 6, 2025
This vulnerability allows attackers to escalate privileges in the Voice Feedback WordPress plugin due to incorrect privilege assignment. Attackers can...
Oct 22, 2025
This vulnerability allows attackers to escalate privileges in WordPress sites using the extendons WooCommerce Registration Fields Plugin. Attackers ca...
Oct 22, 2025
This vulnerability allows attackers to escalate privileges in WordPress sites using the Goodlayers Core plugin. Attackers could gain administrative ac...
Oct 22, 2025
CVE-2025-48165 is an incorrect privilege assignment vulnerability in the DELUCKS SEO WordPress plugin that allows authenticated attackers to escalate ...
Aug 20, 2025
CVE-2025-48142 is an incorrect privilege assignment vulnerability in the Bookify WordPress plugin that allows authenticated users to escalate their pr...
Aug 20, 2025
CVE-2025-39542 is an incorrect privilege assignment vulnerability in Jauhari Xelion Xelion Webchat WordPress plugin that allows authenticated attacker...
Apr 17, 2025
The uListing WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to eleva...
Mar 15, 2025
This vulnerability allows authenticated administrators with Security Fabric permission to escalate their privileges to super-admin by connecting their...
Feb 11, 2025
This vulnerability in the Wouter Dijkstra DD Roles WordPress plugin allows attackers to escalate privileges due to incorrect privilege assignment. It ...
Jan 16, 2025
This vulnerability allows attackers to gain elevated privileges through incorrect privilege assignment in Drupal's Registration role module. It affect...
Jan 9, 2025
This vulnerability allows attackers to escalate privileges in WPGuppy WordPress plugins, potentially gaining administrative access. It affects all WPG...
Jan 7, 2025
This vulnerability allows attackers to escalate privileges in the AllAccessible WordPress plugin, potentially gaining administrative access to WordPre...
Jan 7, 2025
This vulnerability allows attackers to escalate privileges in Azexo Marketing Automation WordPress plugins. Attackers could gain administrative access...
Oct 30, 2024
This vulnerability allows attackers to escalate privileges in WordPress sites using the Bstone Demo Importer plugin. Attackers can gain administrative...
Oct 29, 2024
This vulnerability allows attackers to escalate privileges in the GERRYWORKS Post by Mail WordPress plugin. Users with lower-level permissions can gai...
Oct 20, 2024
This vulnerability allows attackers to escalate privileges in the Houzez WordPress theme due to incorrect privilege assignment. Attackers can gain adm...
Sep 17, 2024
The Post Grid and Gutenberg Blocks WordPress plugin has a privilege escalation vulnerability that allows authenticated users with subscriber-level acc...
Sep 11, 2024
This vulnerability in Tencent WeChat's web-view component allows attackers to bypass permission controls and access sensitive data like cookies. It af...
Jul 26, 2024
This vulnerability allows authenticated users on Windows systems to escalate their privileges through local access to the Zoom Desktop Client, Zoom VD...
Jan 12, 2024
This vulnerability allows authenticated but unprivileged remote attackers to escalate privileges to level 15 (highest administrative level) on Cisco A...
May 3, 2022
This vulnerability allows users with service:write permissions in Consul to modify Envoy proxy configurations for downstream services they don't own. ...
Jun 2, 2023
This vulnerability allows attackers to escalate privileges in the Hotel Listing WordPress plugin, potentially gaining administrative access. It affect...
Dec 18, 2025
This vulnerability in the CouponXxL Custom Post Types WordPress plugin allows attackers to escalate privileges due to incorrect privilege assignment. ...
Jun 27, 2025
This vulnerability in eLabFTW allows regular users to escalate privileges to administrator within teams where they are members. In versions after v5.0...
Oct 1, 2024
This vulnerability allows a read-only user on Extreme XOS network switches to escalate privileges to root administrator access by sending a specially ...
May 3, 2024
CVE-2023-50437 exposes sensitive authentication cookies (otpCookie) to administrators through specific API endpoints in Couchbase Server. This allows ...
Feb 29, 2024
This vulnerability in sd command v1.0.0 and earlier allows attackers to escalate privileges to root via specially crafted commands. It affects systems...
Dec 10, 2025
This vulnerability allows a local attacker to escalate privileges on Samsung devices due to a parcel mismatch in AuthenticationConfig. It affects Sams...
Aug 10, 2023
This vulnerability involves improper permission assignment in a note sharing module, allowing unauthorized access or manipulation of shared notes. Suc...
Jun 6, 2025
Dell PowerProtect Data Manager versions before 19.22 have an incorrect privilege assignment vulnerability that allows low-privileged remote attackers ...
Feb 19, 2026
This vulnerability allows attackers to escalate privileges in the Booking Activities WordPress plugin. Any WordPress site running Booking Activities v...
Jan 22, 2026
This vulnerability in Nomad's ACL policy lookup system can cause incorrect rule application and shadowing, potentially allowing unauthorized access to...
Jun 11, 2025
CVE-2025-23974 is an incorrect privilege assignment vulnerability in the ifkooo One-Login WordPress plugin that allows authenticated attackers to esca...
Jun 9, 2025
An improper authorization vulnerability in BerriAI/litellm grants internal_user_viewer accounts an overly privileged API key, allowing them to access ...
Mar 20, 2025
This vulnerability allows attackers to escalate privileges in LiteSpeed Cache WordPress plugin due to incorrect privilege assignment. Attackers can ga...
Oct 29, 2024
This vulnerability in NVIDIA Cumulus Linux and NVOS allows low-privileged users to execute unauthorized commands through the NVUE interface, potential...
Feb 24, 2026
A local privilege escalation vulnerability in Radarr 5.28.0.10274 allows attackers with local access to manipulate service permissions. This could ena...
Nov 13, 2025

About CWE-266
Our database tracks 414 CVEs classified as CWE-266, with 48 rated critical and 128 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: View CWE-266 on MITRE CWE →