CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
All Improper Privilege Management CVEs (802)
Sep 23, 2024: This vulnerability allows a malicious user to exploit a remote administrative service in FlashArray Purity to create unauthorized privileged accounts ...
Sep 12, 2024: This CVE describes an incorrect privilege matrix vulnerability in Rockwell Automation products that allows authenticated users to access functions and...
Aug 13, 2024: This vulnerability in the realmag777 HUSKY WordPress plugin allows attackers to escalate privileges, potentially gaining administrative access. It aff...
Jul 9, 2024: This vulnerability in Microsoft Defender for IoT allows an authenticated attacker to elevate privileges to SYSTEM level on the affected device. It aff...
Apr 26, 2024: This vulnerability in Tenda N300 F3 routers allows attackers to bypass password policy enforcement and set weak passwords, potentially compromising ro...
Mar 11, 2024: This vulnerability allows malicious Android apps to bypass broadcast protection mechanisms by exploiting exported broadcast receivers. It affects Andr...
Jan 10, 2024: CVE-2024-21638 is an authentication bypass vulnerability in Azure IPAM that allows attackers to impersonate privileged users by manipulating authentic...
Nov 23, 2023: CVE-2023-41807 is an improper privilege management vulnerability in Pandora FMS that allows authenticated users to escalate their permissions to gain ...
Jul 21, 2023: This vulnerability in KubePi allows any authenticated user to elevate privileges to administrator by modifying the 'isadmin' parameter when creating o...
Jul 19, 2023: CVE-2023-30799 is a privilege escalation vulnerability in MikroTik RouterOS that allows authenticated admin users to gain super-admin privileges via W...
Apr 24, 2023: CVE-2023-25133 is an improper privilege management vulnerability in PowerPanel Business software that allows remote attackers to execute operatin...
Jan 3, 2022: CVE-2021-39982 is an improper privilege management vulnerability in Huawei's Phone Manager application that allows attackers to read and write arbitra...
Jan 13, 2021: CVE-2020-9141 is an improper privilege management vulnerability in certain Huawei smartphones that allows attackers to bypass security controls due to...
Nov 19, 2020: This vulnerability allows privilege escalation in Endress+Hauser Ecograph T devices. When users with lower privileges log in, they may inherit higher ...
Aug 19, 2024: This vulnerability allows unprivileged users to trick administrators into editing malicious content in XWiki's WYSIWYG editor, executing arbitrary cod...
Feb 17, 2021: This CVE describes an authenticated privilege escalation vulnerability in McAfee Web Gateway (MWG) that allows authenticated users to gain elevated pr...
Mar 7, 2026: This vulnerability allows authenticated WordPress users with Author-level access or higher to register administrator accounts through a registration f...
Mar 3, 2026: This vulnerability allows authenticated attackers with Agent-level access in the LatePoint WordPress plugin to escalate privileges by linking customer...
Feb 26, 2026: This vulnerability allows any authenticated non-admin user in WireGuard Portal to elevate their privileges to full administrator by sending a crafted ...
Feb 21, 2026: This vulnerability allows authenticated users with editor roles in Formwork CMS to create new accounts with administrative privileges. It affects all ...
Feb 19, 2026: The Toret Manager WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to ...
Feb 11, 2026: CVE-2024-50619 allows authenticated low-privileged users in CIPPlanner CIPAce to escalate privileges by manipulating user IDs to access other accounts...
Feb 8, 2026: The JAY Login & Register WordPress plugin contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access o...
Jan 13, 2026: A privilege escalation vulnerability exists in the Nessus Agent Tray App installation/uninstallation process on Windows. Attackers with local access c...
Nov 27, 2025: The Tiger WordPress theme contains a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to elev...
Nov 13, 2025: The LifterLMS WordPress plugin contains a privilege escalation vulnerability that allows authenticated users with student-level access or higher to el...
Nov 11, 2025: This vulnerability in Intel CIP software allows unprivileged authenticated users to escalate privileges via network access without user interaction. I...
Nov 11, 2025: The Mementor Core WordPress plugin has a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access or higher...
Oct 29, 2025: This vulnerability in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges through specially crafted requests. Attac...
Oct 9, 2025: This vulnerability allows attackers with permission to modify Active Directory attributes (like userPrincipalName or samAccountName) to impersonate pr...
Sep 16, 2025: This vulnerability allows authenticated remote attackers to escalate privileges on HPE Aruba EdgeConnect SD-WAN Gateways, potentially enabling executi...
Sep 4, 2025: This vulnerability in Android's WLAN subsystem on Google Pixel devices allows local attackers to gain elevated privileges. Attackers could execute arb...
Aug 26, 2025: The Event List WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to ele...
Aug 26, 2025: This vulnerability allows attackers to escalate privileges when logging into Mahara using Learning Tools Interoperability (LTI). Attackers could gain ...
Aug 25, 2025: This privilege escalation vulnerability in Langflow allows authenticated users with RCE access to create new administrative accounts using the interna...
Aug 16, 2025: The WPGYM WordPress Gym Management System plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access...
Jun 10, 2025: A privilege escalation vulnerability in Apache CloudStack allows malicious Domain Admin users in the ROOT domain to reset passwords of Admin role acco...
Jun 2, 2025: This vulnerability in Axis Communications' VAPIX Device Configuration framework allows lower-privileged users to escalate their privileges to administ...
May 7, 2025: The WooCommerce Multiple Addresses plugin for WordPress has a privilege escalation vulnerability that allows authenticated users with Subscriber-level...
May 7, 2025: The WPshop 2 WordPress plugin allows authenticated attackers with subscriber-level access or higher to change arbitrary users' passwords, including ad...
Apr 24, 2025: This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to escalate their privileges to Administrator by exploi...
Apr 12, 2025: The WPC Admin Columns WordPress plugin allows authenticated attackers with Subscriber-level access or higher to escalate their privileges to administr...
Apr 4, 2025: The Vehica Core WordPress plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to el...
Mar 28, 2025: This privilege escalation vulnerability in saTECH BCU firmware allows attackers with CLI access to bypass restrictions and gain superuser privileges u...
Mar 14, 2025: The Industrial WordPress theme has a privilege escalation vulnerability that allows authenticated attackers with subscriber-level access to modify Wor...
Feb 27, 2025: The Templines Elementor Helper Core WordPress plugin allows authenticated attackers with Subscriber-level access to escalate privileges to Administrat...
Feb 20, 2025: This vulnerability allows authenticated users on NetScaler Console and NetScaler Agent to escalate their privileges to higher levels than intended. At...
Feb 14, 2025: This vulnerability in Orbe ONetView Roeador Onet-1200 allows remote attackers to escalate privileges by manipulating server responses from status code...
Feb 6, 2025: This vulnerability allows authenticated attackers on Mitel OpenScape 4000 and OpenScape 4000 Manager systems to escalate privileges and execute arbitr...
Feb 1, 2025: The WooCommerce Customers Manager plugin for WordPress has a privilege escalation vulnerability that allows authenticated users with Subscriber-level ...
About Improper Privilege Management (CWE-269)
Our database tracks 802 CVEs classified as CWE-269, with 166 rated critical and 546 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.
External reference: CWE-269 on MITRE CWE