CWE-269: Improper Privilege Management

This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the Real Spaces theme. Attackers can gain f...

CVE-2025-8660 is a critical privilege escalation vulnerability in Broadcom software that allows authenticated users to gain elevated privileges beyond...

The Reveal Listing WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges by manipulating the 'listing_u...

The Service Finder SMS System WordPress plugin allows unauthenticated attackers to register administrator accounts due to improper user role validatio...

This vulnerability allows unauthenticated attackers to register accounts with Administrator privileges on WordPress sites using the Opal Estate Pro pl...

The Simple User Registration plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to register as admini...

The UrbanGo Membership WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges by manipulating the user_r...

A privilege escalation vulnerability in Erick xmall v1.1 and earlier allows remote attackers to gain elevated privileges through the updateAddress met...

This vulnerability in Adtran 411 ONT devices allows attackers to escalate privileges from a lower-privileged user to administrative access. It affects...

This vulnerability allows unauthenticated attackers to register administrator accounts on WordPress sites using the Realteo plugin with Findeo Theme. ...

The Javo Core WordPress plugin allows unauthenticated attackers to create accounts with administrator privileges due to improper role assignment durin...

The Homey Login Register WordPress plugin allows unauthenticated attackers to create accounts with administrator privileges in versions up to 2.4.0. T...

A privilege escalation vulnerability in EasyAppointments v1.5.0 allows remote attackers to gain elevated privileges through the index.php file. This a...

The WP Foodbakery WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators. This ...

The Post Grid and Gutenberg Blocks WordPress plugin allows unauthenticated attackers to register as administrators due to improper user meta validatio...

The UserPlus WordPress plugin up to version 2.0 contains a privilege escalation vulnerability that allows unauthenticated attackers to assign themselv...

This vulnerability allows authenticated users to escalate privileges on Pure Storage FlashArray systems by making specific API calls. It affects admin...

This vulnerability allows attackers to perform man-in-the-middle attacks on TLS connections due to improper certificate validation. Any application or...

The Echo RSS Feed Post Generator WordPress plugin allows unauthenticated attackers to register administrator accounts due to improper role restriction...

This vulnerability in Parallels Desktop for Mac allows attackers to escalate privileges to root by exploiting a lack of code signature verification in...

The Webo-facto WordPress plugin up to version 1.40 contains a privilege escalation vulnerability that allows unauthenticated attackers to gain adminis...

This vulnerability in JimuReport v1.7.8 allows attackers to escalate privileges via a crafted GET request to the /jeecg-boot/jmreport/dict/list endpoi...

The WPCOM Member WordPress plugin allows unauthenticated attackers to register as administrators due to improper input validation. This affects all Wo...

An unauthenticated privilege escalation vulnerability in the eyecix JobSearch WordPress plugin allows attackers to take over administrator accounts wi...

This vulnerability allows non-administrator users to access import/export endpoints in Microcks, potentially enabling unauthorized data manipulation o...

This vulnerability in the WordPress plugin 'Backup and Staging by WP Time Capsule' allows attackers to bypass authentication and escalate privileges, ...

CVE-2024-37927 is an unauthenticated privilege escalation vulnerability in the NooTheme Jobmonster WordPress theme. Attackers can exploit this flaw to...

This vulnerability allows attackers to gain root access to the LB-LINK BL-W1210M v2.0 router via its UART/serial interface without authentication. Any...

This vulnerability in the UserPro WordPress plugin allows unauthenticated attackers to escalate privileges and take over user accounts. It affects all...

This vulnerability allows unauthenticated attackers to escalate privileges in the XStore Core WordPress plugin. Attackers can gain administrative acce...

This vulnerability allows unauthenticated attackers to escalate privileges in the Astoundify Simple Registration for WooCommerce WordPress plugin. Att...

This vulnerability allows unauthenticated attackers to escalate privileges in the Demo My WordPress plugin, potentially gaining administrative access ...

This vulnerability allows unauthenticated attackers to escalate privileges in the WholesaleX WordPress plugin. Attackers can gain administrative acces...

CVE-2024-24882 is an improper privilege management vulnerability in Masteriyo LMS WordPress plugin that allows attackers to escalate privileges, poten...

CVE-2024-22157 is an unauthenticated privilege escalation vulnerability in the SalesKing WordPress plugin. Attackers can exploit this to gain administ...

This vulnerability allows unauthenticated attackers to escalate privileges and take over accounts in the Local Delivery Drivers for WooCommerce WordPr...

CVE-2023-51424 is an unauthenticated privilege escalation vulnerability in the WebinarIgnition WordPress plugin. Attackers can exploit this flaw to ga...

This vulnerability allows unauthenticated attackers to escalate privileges in the HT Mega WordPress plugin. Attackers can gain administrative access t...

This vulnerability in the XTemos Woodmart Core WordPress plugin allows attackers to escalate privileges due to improper privilege management. Attacker...

This CVE describes an improper privilege management vulnerability in the Favethemes Houzez WordPress theme that allows attackers to escalate privilege...

This vulnerability in the Houzez Login Register WordPress plugin allows attackers to escalate privileges due to improper privilege management. Attacke...

A privilege escalation vulnerability in Nagios XI's Autodiscover component allows remote attackers to execute arbitrary code via crafted Dashlets. Thi...

This vulnerability allows unauthenticated attackers to escalate privileges in the Rencontre WordPress dating site plugin, potentially taking over any ...

This vulnerability in flusity CMS v2.33 allows remote attackers to execute arbitrary code through the add_addon.php component, leading to complete sys...

This SQL injection vulnerability in Tongtianxing Technology's CMSV6 vehicle monitoring platform allows remote attackers to execute arbitrary SQL comma...

CVE-2023-49232 is an authentication bypass vulnerability in Stilog Visual Planning 8 that allows unauthenticated attackers to brute-force password res...

This vulnerability allows attackers to bypass access controls in Multilaser RE160V and RE163V routers by modifying an HTTP header, granting complete a...

This SQL injection vulnerability in MyPrestaModules' Product Catalog Import module for PrestaShop allows attackers to execute arbitrary SQL commands. ...

This vulnerability in N-able N-central allows attackers to escalate privileges through API calls, potentially gaining administrative access. It affect...

CVE-2024-22922 is a privilege escalation vulnerability in Projectworlds Visitor Management System in PHP v1.0 that allows remote attackers to gain adm...