Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5433 vulnerabilities reference this CWE, most recent first.

CVE-2026-21223 (GCVE-0-2026-21223)

Vulnerability from cvelistv5 – Published: 2026-01-16 21:28 – Updated: 2026-04-01 13:49
VLAI
Title
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Summary
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
References
Impacted products
Vendor Product Version
Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0.0 , < 144.0.3719.82 (custom)
Create a notification for this product.
Date Public
2026-01-16 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-21223",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-21T04:55:21.514844Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T14:44:46.346Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Edge (Chromium-based)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "144.0.3719.82",
              "status": "affected",
              "version": "1.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "144.0.3719.82",
                  "versionStartIncluding": "1.0.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "datePublic": "2026-01-16T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-01T13:49:21.981Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability",
          "tags": [
            "vendor-advisory",
            "patch"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21223"
        }
      ],
      "title": "Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2026-21223",
    "datePublished": "2026-01-16T21:28:30.158Z",
    "dateReserved": "2025-12-11T21:02:05.732Z",
    "dateUpdated": "2026-04-01T13:49:21.981Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-20246 (GCVE-0-2026-20246)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:17 – Updated: 2026-06-17 17:17
VLAI
Title
Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability
Summary
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Umbrella Insights Virtual Appliance Affected: 2.6.0
Affected: 2.5.6
Affected: 2.5
Affected: 2.4.12
Affected: 2.7
Affected: 2.6.2
Affected: 2.5.5
Affected: 2.5.4
Affected: 2.8
Affected: 2.6.1
Affected: 2.5.7
Affected: 1.5.4
Affected: 1.5.5
Affected: 1.5.6
Affected: 2.0.0
Affected: 2.0.2
Affected: 2.0.3
Affected: 2.1.0
Affected: 2.1.2
Affected: 2.1.4
Affected: 2.1.5
Affected: 2.2
Affected: 2.2.1
Affected: 2.3
Affected: 2.3.1
Affected: 2.4
Affected: 2.4.4
Affected: 2.4.6
Affected: 2.8.9
Affected: 3.0
Affected: 3.1
Affected: 3.2
Affected: 2.8.1
Affected: 2.8.2
Affected: 2.8.3
Affected: 2.8.4
Affected: 2.8.5
Affected: 3.0.1
Affected: 3.0.2
Affected: 3.0.4
Affected: 3.0.5
Affected: 3.1.1
Affected: 3.1.2
Affected: 3.1.3
Affected: 3.1.4
Affected: 3.2.1
Affected: 3.2.2
Affected: 3.2.3
Affected: 3.3
Affected: 3.3.1
Affected: 3.3.2
Affected: 3.3.3
Affected: 3.3.4
Affected: 3.4
Affected: 3.4.1
Affected: 3.4.2
Affected: 3.4.3
Affected: 3.4.4
Affected: 3.4.5
Affected: 3.4.6
Affected: 3.5
Affected: 2.7.1
Affected: 2.7.2
Affected: 2.7.6
Affected: 2.7.9
Affected: 2.7.10
Affected: 3.5.1
Affected: 3.5.2
Affected: 3.6.1
Affected: 3.6.2
Affected: 3.7
Affected: 3.7.1
Affected: 3.8.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20246",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:15:44.900787Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:17:13.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Umbrella Insights Virtual Appliance",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.0"
            },
            {
              "status": "affected",
              "version": "2.5.6"
            },
            {
              "status": "affected",
              "version": "2.5"
            },
            {
              "status": "affected",
              "version": "2.4.12"
            },
            {
              "status": "affected",
              "version": "2.7"
            },
            {
              "status": "affected",
              "version": "2.6.2"
            },
            {
              "status": "affected",
              "version": "2.5.5"
            },
            {
              "status": "affected",
              "version": "2.5.4"
            },
            {
              "status": "affected",
              "version": "2.8"
            },
            {
              "status": "affected",
              "version": "2.6.1"
            },
            {
              "status": "affected",
              "version": "2.5.7"
            },
            {
              "status": "affected",
              "version": "1.5.4"
            },
            {
              "status": "affected",
              "version": "1.5.5"
            },
            {
              "status": "affected",
              "version": "1.5.6"
            },
            {
              "status": "affected",
              "version": "2.0.0"
            },
            {
              "status": "affected",
              "version": "2.0.2"
            },
            {
              "status": "affected",
              "version": "2.0.3"
            },
            {
              "status": "affected",
              "version": "2.1.0"
            },
            {
              "status": "affected",
              "version": "2.1.2"
            },
            {
              "status": "affected",
              "version": "2.1.4"
            },
            {
              "status": "affected",
              "version": "2.1.5"
            },
            {
              "status": "affected",
              "version": "2.2"
            },
            {
              "status": "affected",
              "version": "2.2.1"
            },
            {
              "status": "affected",
              "version": "2.3"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            },
            {
              "status": "affected",
              "version": "2.4"
            },
            {
              "status": "affected",
              "version": "2.4.4"
            },
            {
              "status": "affected",
              "version": "2.4.6"
            },
            {
              "status": "affected",
              "version": "2.8.9"
            },
            {
              "status": "affected",
              "version": "3.0"
            },
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "status": "affected",
              "version": "2.8.1"
            },
            {
              "status": "affected",
              "version": "2.8.2"
            },
            {
              "status": "affected",
              "version": "2.8.3"
            },
            {
              "status": "affected",
              "version": "2.8.4"
            },
            {
              "status": "affected",
              "version": "2.8.5"
            },
            {
              "status": "affected",
              "version": "3.0.1"
            },
            {
              "status": "affected",
              "version": "3.0.2"
            },
            {
              "status": "affected",
              "version": "3.0.4"
            },
            {
              "status": "affected",
              "version": "3.0.5"
            },
            {
              "status": "affected",
              "version": "3.1.1"
            },
            {
              "status": "affected",
              "version": "3.1.2"
            },
            {
              "status": "affected",
              "version": "3.1.3"
            },
            {
              "status": "affected",
              "version": "3.1.4"
            },
            {
              "status": "affected",
              "version": "3.2.1"
            },
            {
              "status": "affected",
              "version": "3.2.2"
            },
            {
              "status": "affected",
              "version": "3.2.3"
            },
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "status": "affected",
              "version": "3.3.1"
            },
            {
              "status": "affected",
              "version": "3.3.2"
            },
            {
              "status": "affected",
              "version": "3.3.3"
            },
            {
              "status": "affected",
              "version": "3.3.4"
            },
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "status": "affected",
              "version": "3.4.1"
            },
            {
              "status": "affected",
              "version": "3.4.2"
            },
            {
              "status": "affected",
              "version": "3.4.3"
            },
            {
              "status": "affected",
              "version": "3.4.4"
            },
            {
              "status": "affected",
              "version": "3.4.5"
            },
            {
              "status": "affected",
              "version": "3.4.6"
            },
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "status": "affected",
              "version": "2.7.1"
            },
            {
              "status": "affected",
              "version": "2.7.2"
            },
            {
              "status": "affected",
              "version": "2.7.6"
            },
            {
              "status": "affected",
              "version": "2.7.9"
            },
            {
              "status": "affected",
              "version": "2.7.10"
            },
            {
              "status": "affected",
              "version": "3.5.1"
            },
            {
              "status": "affected",
              "version": "3.5.2"
            },
            {
              "status": "affected",
              "version": "3.6.1"
            },
            {
              "status": "affected",
              "version": "3.6.2"
            },
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "status": "affected",
              "version": "3.7.1"
            },
            {
              "status": "affected",
              "version": "3.8.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:17:13.708Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-umbrella-priv-esc-F4wJB7AU"
        }
      ],
      "source": {
        "advisory": "cisco-sa-umbrella-priv-esc-F4wJB7AU",
        "defects": [
          "CSCwt75291"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco Umbrella Virtual Appliance Privilege Escalation Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20246",
    "datePublished": "2026-06-17T16:17:13.708Z",
    "dateReserved": "2025-10-08T11:59:15.400Z",
    "dateUpdated": "2026-06-17T17:17:13.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

GCVE-1-2026-20092 (CVE-2026-10868)

Vulnerability from gna-1 – Published: 2026-06-04 14:37 – Updated: 2026-06-12 06:57
VLAI
Title
MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification
Summary
A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could craft a modified request containing another user identifier, potentially causing updates to be applied to an unintended user account. Depending on the editable fields and the attacker’s privileges, this could allow unauthorized modification of user account attributes and impact account integrity. The issue was addressed by explicitly removing the User.id field from request data before processing the user edit operation. If MISP.disableUserSelfManagement is enabled on the instance, non-admin users can not use the vulnerable endpoint.
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
misp misp Affected: 0 , ≤ 2.5.38 (semver)
Create a notification for this product.
Credits
Andras Iklody (the Insomniac MISP lead dev) 🕵️‍♂️ Jeroen Pinoy 🐞

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "misp",
          "vendor": "misp",
          "versions": [
            {
              "lessThanOrEqual": "2.5.38",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andras Iklody"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Jeroen Pinoy"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in \u003ccode\u003eUsersController::edit()\u003c/code\u003e. When processing edit requests, the application accepted a user-controlled \u003ccode\u003eUser.id\u003c/code\u003e value from request data. An authenticated attacker could craft a modified request containing another user identifier, potentially causing updates to be applied to an unintended user account. Depending on the editable fields and the attacker\u2019s privileges, this could allow unauthorized modification of user account attributes and impact account integrity.\u003c/p\u003e\u003cp\u003eThe issue was addressed by explicitly removing the \u003ccode\u003eUser.id\u003c/code\u003e field from request data before processing the user edit operation.\u003c/p\u003e\u003cp\u003e\nIf MISP.disableUserSelfManagement is enabled on the instance, non-admin users can not use the vulnerable endpoint.\u003cbr\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit(). When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could craft a modified request containing another user identifier, potentially causing updates to be applied to an unintended user account. Depending on the editable fields and the attacker\u2019s privileges, this could allow unauthorized modification of user account attributes and impact account integrity.\n\nThe issue was addressed by explicitly removing the User.id field from request data before processing the user edit operation.\n\n\nIf MISP.disableUserSelfManagement is enabled on the instance, non-admin users can not use the vulnerable endpoint."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "orgId": "00000000-0000-4000-9000-000000000000"
      },
      "references": [
        {
          "url": "https://github.com/MISP/MISP/commit/1be8c413b7104a889dfd30c5b1986e3ab17238e8"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "MISP user edit endpoint mass assignment vulnerability allows unauthorized user account modification",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
    "cveId": "CVE-2026-10868",
    "datePublished": "2026-06-04T14:37:00.000Z",
    "dateUpdated": "2026-06-12T06:57:43.643196Z",
    "requesterUserId": "00000000-0000-4000-9000-000000000000",
    "serial": 1,
    "state": "PUBLISHED",
    "vulnId": "gcve-1-2026-20092"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2026-20044 (GCVE-0-2026-20044)

Vulnerability from cvelistv5 – Published: 2026-03-04 17:17 – Updated: 2026-03-05 14:05
VLAI
Title
Cisco Secure Firewall Management Center Command Injection Vulnerability
Summary
A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Secure Firewall Management Center (FMC) Affected: 6.4.0.6
Affected: 6.4.0.7
Affected: 6.4.0.4
Affected: 6.4.0.1
Affected: 6.4.0.8
Affected: 6.4.0.2
Affected: 6.4.0.3
Affected: 6.4.0.5
Affected: 6.4.0
Affected: 6.4.0.9
Affected: 6.4.0.10
Affected: 6.4.0.11
Affected: 6.4.0.12
Affected: 7.0.0
Affected: 7.0.0.1
Affected: 7.0.1
Affected: 7.1.0
Affected: 6.4.0.13
Affected: 7.0.1.1
Affected: 6.4.0.14
Affected: 7.1.0.1
Affected: 7.0.2
Affected: 6.4.0.15
Affected: 7.2.0
Affected: 7.0.2.1
Affected: 7.0.3
Affected: 7.1.0.2
Affected: 7.2.0.1
Affected: 7.0.4
Affected: 7.2.1
Affected: 7.0.5
Affected: 6.4.0.16
Affected: 7.3.0
Affected: 7.2.2
Affected: 7.3.1
Affected: 7.2.3
Affected: 7.1.0.3
Affected: 7.2.3.1
Affected: 7.2.4
Affected: 7.0.6
Affected: 7.2.4.1
Affected: 7.2.5
Affected: 7.3.1.1
Affected: 7.4.0
Affected: 6.4.0.17
Affected: 7.0.6.1
Affected: 7.2.5.1
Affected: 7.4.1
Affected: 7.2.6
Affected: 7.4.1.1
Affected: 7.0.6.2
Affected: 6.4.0.18
Affected: 7.2.7
Affected: 7.2.5.2
Affected: 7.3.1.2
Affected: 7.2.8
Affected: 7.6.0
Affected: 7.4.2
Affected: 7.2.8.1
Affected: 7.0.6.3
Affected: 7.4.2.1
Affected: 7.2.9
Affected: 7.0.7
Affected: 7.7.0
Affected: 7.4.2.2
Affected: 7.2.10
Affected: 7.6.1
Affected: 7.4.2.3
Affected: 7.0.8
Affected: 7.6.2
Affected: 7.7.10
Affected: 7.2.10.1
Affected: 7.0.8.1
Affected: 7.6.2.1
Affected: 7.2.10.2
Affected: 7.7.10.1
Affected: 7.4.2.4
Affected: 7.4.3
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-20044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T04:55:44.137579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-05T14:05:46.010Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Secure Firewall Management Center (FMC)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "6.4.0.6"
            },
            {
              "status": "affected",
              "version": "6.4.0.7"
            },
            {
              "status": "affected",
              "version": "6.4.0.4"
            },
            {
              "status": "affected",
              "version": "6.4.0.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.8"
            },
            {
              "status": "affected",
              "version": "6.4.0.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.3"
            },
            {
              "status": "affected",
              "version": "6.4.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.9"
            },
            {
              "status": "affected",
              "version": "6.4.0.10"
            },
            {
              "status": "affected",
              "version": "6.4.0.11"
            },
            {
              "status": "affected",
              "version": "6.4.0.12"
            },
            {
              "status": "affected",
              "version": "7.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.1"
            },
            {
              "status": "affected",
              "version": "7.1.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.13"
            },
            {
              "status": "affected",
              "version": "7.0.1.1"
            },
            {
              "status": "affected",
              "version": "6.4.0.14"
            },
            {
              "status": "affected",
              "version": "7.1.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.15"
            },
            {
              "status": "affected",
              "version": "7.2.0"
            },
            {
              "status": "affected",
              "version": "7.0.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.3"
            },
            {
              "status": "affected",
              "version": "7.1.0.2"
            },
            {
              "status": "affected",
              "version": "7.2.0.1"
            },
            {
              "status": "affected",
              "version": "7.0.4"
            },
            {
              "status": "affected",
              "version": "7.2.1"
            },
            {
              "status": "affected",
              "version": "7.0.5"
            },
            {
              "status": "affected",
              "version": "6.4.0.16"
            },
            {
              "status": "affected",
              "version": "7.3.0"
            },
            {
              "status": "affected",
              "version": "7.2.2"
            },
            {
              "status": "affected",
              "version": "7.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.3"
            },
            {
              "status": "affected",
              "version": "7.1.0.3"
            },
            {
              "status": "affected",
              "version": "7.2.3.1"
            },
            {
              "status": "affected",
              "version": "7.2.4"
            },
            {
              "status": "affected",
              "version": "7.0.6"
            },
            {
              "status": "affected",
              "version": "7.2.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.5"
            },
            {
              "status": "affected",
              "version": "7.3.1.1"
            },
            {
              "status": "affected",
              "version": "7.4.0"
            },
            {
              "status": "affected",
              "version": "6.4.0.17"
            },
            {
              "status": "affected",
              "version": "7.0.6.1"
            },
            {
              "status": "affected",
              "version": "7.2.5.1"
            },
            {
              "status": "affected",
              "version": "7.4.1"
            },
            {
              "status": "affected",
              "version": "7.2.6"
            },
            {
              "status": "affected",
              "version": "7.4.1.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.2"
            },
            {
              "status": "affected",
              "version": "6.4.0.18"
            },
            {
              "status": "affected",
              "version": "7.2.7"
            },
            {
              "status": "affected",
              "version": "7.2.5.2"
            },
            {
              "status": "affected",
              "version": "7.3.1.2"
            },
            {
              "status": "affected",
              "version": "7.2.8"
            },
            {
              "status": "affected",
              "version": "7.6.0"
            },
            {
              "status": "affected",
              "version": "7.4.2"
            },
            {
              "status": "affected",
              "version": "7.2.8.1"
            },
            {
              "status": "affected",
              "version": "7.0.6.3"
            },
            {
              "status": "affected",
              "version": "7.4.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.9"
            },
            {
              "status": "affected",
              "version": "7.0.7"
            },
            {
              "status": "affected",
              "version": "7.7.0"
            },
            {
              "status": "affected",
              "version": "7.4.2.2"
            },
            {
              "status": "affected",
              "version": "7.2.10"
            },
            {
              "status": "affected",
              "version": "7.6.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.3"
            },
            {
              "status": "affected",
              "version": "7.0.8"
            },
            {
              "status": "affected",
              "version": "7.6.2"
            },
            {
              "status": "affected",
              "version": "7.7.10"
            },
            {
              "status": "affected",
              "version": "7.2.10.1"
            },
            {
              "status": "affected",
              "version": "7.0.8.1"
            },
            {
              "status": "affected",
              "version": "7.6.2.1"
            },
            {
              "status": "affected",
              "version": "7.2.10.2"
            },
            {
              "status": "affected",
              "version": "7.7.10.1"
            },
            {
              "status": "affected",
              "version": "7.4.2.4"
            },
            {
              "status": "affected",
              "version": "7.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root.\r\n\r\nThis vulnerability is due to insufficient restrictions on remediation modules while in lockdown mode. An attacker could exploit this vulnerability by sending crafted input to the system CLI of the affected device. A successful exploit could allow the attacker to run arbitrary commands or code as root, even when the system is in lockdown mode. To exploit this vulnerability, the attacker must have valid administrative credentials."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-04T17:46:50.148Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-fmc-cmd-inject-S9ZM4EJf",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inject-S9ZM4EJf"
        }
      ],
      "source": {
        "advisory": "cisco-sa-fmc-cmd-inject-S9ZM4EJf",
        "defects": [
          "CSCwq23375"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco Secure Firewall Management Center Command Injection Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2026-20044",
    "datePublished": "2026-03-04T17:17:41.169Z",
    "dateReserved": "2025-10-08T11:59:15.354Z",
    "dateUpdated": "2026-03-05T14:05:46.010Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14719 (GCVE-0-2026-14719)

Vulnerability from cvelistv5 – Published: 2026-07-05 07:00 – Updated: 2026-07-06 13:28 X_Freeware
VLAI
Title
SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management
Summary
A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The attack can be executed remotely. The exploit has been published and may be used. The name of the affected product appears to have a typo in it.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/vuln/376307 vdb-entrytechnical-description
https://vuldb.com/vuln/376307/cti signaturepermissions-required
https://vuldb.com/cve/CVE-2026-14719 third-party-advisory
https://vuldb.com/submit/847515 third-party-advisory
https://pastebin.com/Z4i5MGxk exploit
https://www.sourcecodester.com/ product
Impacted products
Vendor Product Version
SourceCodester Onlne Examination & Learning Management System Affected: 1.0
    cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
ameenkbrd (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14719",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T13:28:23.055738Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T13:28:43.767Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Registration Endpoint"
          ],
          "product": "Onlne Examination \u0026 Learning Management System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ameenkbrd (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The attack can be executed remotely. The exploit has been published and may be used. The name of the affected product appears to have a typo in it."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-05T07:00:09.264Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-376307 | SourceCodester Onlne Examination \u0026 Learning Management System Registration Endpoint register.php privileges management",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/376307"
        },
        {
          "name": "VDB-376307 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/376307/cti"
        },
        {
          "name": "CVE-2026-14719 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-14719"
        },
        {
          "name": "Submit #847515 | SourceCodester (ampoldev) Online Examination \u0026 LMS (CICT Portal) by ampoldev 2026-05-25 Improper Privilege Management",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/847515"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://pastebin.com/Z4i5MGxk"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.sourcecodester.com/"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-07-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-07-04T10:00:35.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Onlne Examination \u0026 Learning Management System Registration Endpoint register.php privileges management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-14719",
    "datePublished": "2026-07-05T07:00:09.264Z",
    "dateReserved": "2026-07-04T07:55:32.396Z",
    "dateUpdated": "2026-07-06T13:28:43.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14482 (GCVE-0-2026-14482)

Vulnerability from cvelistv5 – Published: 2026-07-08 04:30 – Updated: 2026-07-08 13:57
VLAI
Title
多说社会化评论框 <= 1.2 - Unauthenticated Privilege Escalation via api.php 'option'/'value' Parameters
Summary
The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint's `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress's `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options — such as setting `default_role` to `administrator` and enabling open registration — and subsequently register an account with full administrator privileges.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
shen2 多说社会化评论框 Affected: 0 , ≤ 1.2 (semver)
Create a notification for this product.
Credits
Nasur ullah (Spy0x7)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T13:57:36.253903Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T13:57:46.333Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "\u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846",
          "vendor": "shen2",
          "versions": [
            {
              "lessThanOrEqual": "1.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Nasur ullah (Spy0x7)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The \u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2. The vulnerability exists due to a missing capability and nonce check on a directly web-accessible API endpoint, combined with a trivially forgeable HMAC-SHA1 signature keyed on an always-empty WordPress option, which allows the endpoint\u0027s `update_option` handler to pass attacker-controlled `option` and `value` parameters directly to WordPress\u0027s `update_option` function without any allowlist or sanitization. This makes it possible for unauthenticated attackers to update arbitrary WordPress options \u2014 such as setting `default_role` to `administrator` and enabling open registration \u2014 and subsequently register an account with full administrator privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T04:30:50.223Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/732c7ccd-de50-4e27-8cb9-3bb0ed30f0b4?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L49"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/LocalServer.php#L54"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/duoshuo/tags/1.2/api.php#L40"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-07T16:30:16.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "\u591a\u8bf4\u793e\u4f1a\u5316\u8bc4\u8bba\u6846 \u003c= 1.2 - Unauthenticated Privilege Escalation via api.php \u0027option\u0027/\u0027value\u0027 Parameters"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-14482",
    "datePublished": "2026-07-08T04:30:50.223Z",
    "dateReserved": "2026-07-02T16:25:33.538Z",
    "dateUpdated": "2026-07-08T13:57:46.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14262 (GCVE-0-2026-14262)

Vulnerability from cvelistv5 – Published: 2026-07-11 03:44 – Updated: 2026-07-13 17:37
VLAI
Title
Simple JWT Login <= 3.6.6 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation via 'payload' Parameter
Summary
The Simple JWT Login – Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list — leaving any attacker-supplied identity claims such as `email`, `id`, or `username` intact and signed into the JWT with the site's HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator's email address into the `payload` parameter at the `/wp-json/simple-jwt-login/v1/auth` endpoint, then redeeming the resulting JWT at the `/autologin` endpoint to obtain a fully authenticated session as that administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Credits
Navapon Premkasem (71C4)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14262",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T17:36:58.883199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T17:37:15.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Simple JWT Login \u2013 Allows you to use JWT on REST endpoints.",
          "vendor": "nicu_m",
          "versions": [
            {
              "lessThanOrEqual": "3.6.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Navapon Premkasem (71C4)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Simple JWT Login \u2013 Allows you to use JWT on REST endpoints. plugin for WordPress is vulnerable to Authentication Bypass to Privilege Escalation in all versions up to, and including, 3.6.6 via the `payload` parameter. The vulnerability exists because `AuthenticateService::generatePayload()` only overwrites JWT payload keys whose names appear in the admin-configured `jwt_payload` list \u2014 leaving any attacker-supplied identity claims such as `email`, `id`, or `username` intact and signed into the JWT with the site\u0027s HS256 secret. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an Administrator by injecting a target administrator\u0027s email address into the `payload` parameter at the `/wp-json/simple-jwt-login/v1/auth` endpoint, then redeeming the resulting JWT at the `/autologin` endpoint to obtain a fully authenticated session as that administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-11T03:44:25.497Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cd97a7a4-9f57-4882-9e3e-0e9853416af9?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L34"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/AuthenticateService.php#L163"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/LoginService.php#L62"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/simple-jwt-login/tags/3.6.6/src/Services/BaseService.php#L269"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3597277%40simple-jwt-login\u0026new=3597277%40simple-jwt-login"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-10T15:02:36.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Simple JWT Login \u003c= 3.6.6 - Authenticated (Subscriber+) Authentication Bypass to Privilege Escalation via \u0027payload\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-14262",
    "datePublished": "2026-07-11T03:44:25.497Z",
    "dateReserved": "2026-06-30T17:21:39.776Z",
    "dateUpdated": "2026-07-13T17:37:15.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-14250 (GCVE-0-2026-14250)

Vulnerability from cvelistv5 – Published: 2026-07-08 11:30 – Updated: 2026-07-08 12:38
VLAI
Title
Themehunk Login Registration <= 1.0.2 - Unauthenticated Privilege Escalation via 'role' Parameter
Summary
The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled 'role' parameter and validating it only against get_editable_roles() — which returns every defined editable site role, including 'editor' — before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
themehunk TH Login Registration Affected: 0 , ≤ 1.0.2 (semver)
Create a notification for this product.
Credits
Trung Huynh Chi
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-14250",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-08T12:37:59.763190Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-08T12:38:09.291Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "TH Login Registration",
          "vendor": "themehunk",
          "versions": [
            {
              "lessThanOrEqual": "1.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Trung Huynh Chi"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Themehunk Login Registration plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.2. This is due to the handle_frontend_register() function in the unauthenticated /thlogin/v1/register REST endpoint accepting a user-controlled \u0027role\u0027 parameter and validating it only against get_editable_roles() \u2014 which returns every defined editable site role, including \u0027editor\u0027 \u2014 before passing it to wp_insert_user(). This makes it possible for unauthenticated attackers, when public user registration is enabled, to create new accounts with the editor role."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-08T11:30:33.205Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8eee3809-133e-4fd9-ad49-cc6fe3822457?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L811"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L782"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L82"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/themehunk-login-registration/tags/1.0.2/includes/class-thlogin-rest-api.php#L243"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?reponame=\u0026old=3592690%40themehunk-login-registration\u0026new=3592690%40themehunk-login-registration"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-07T22:41:39.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Themehunk Login Registration \u003c= 1.0.2 - Unauthenticated Privilege Escalation via \u0027role\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-14250",
    "datePublished": "2026-07-08T11:30:33.205Z",
    "dateReserved": "2026-06-30T14:19:53.767Z",
    "dateUpdated": "2026-07-08T12:38:09.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-13756 (GCVE-0-2026-13756)

Vulnerability from cvelistv5 – Published: 2026-07-11 01:29 – Updated: 2026-07-13 16:14
VLAI
Title
WP Grid Builder <= 2.3.3 - Authenticated (Subscriber+) Privilege Escalation via 'key' Parameter
Summary
The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to Administrator by updating their own `wp_capabilities` user meta with a crafted nested array payload.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Vendor Product Version
WP Grid Builder WP Grid Builder Affected: 0 , ≤ 2.3.3 (semver)
Create a notification for this product.
Credits
h0xilo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-13756",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-13T16:14:45.849821Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-13T16:14:52.757Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "WP Grid Builder",
          "vendor": "WP Grid Builder",
          "versions": [
            {
              "lessThanOrEqual": "2.3.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "h0xilo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to Administrator by updating their own `wp_capabilities` user meta with a crafted nested array payload."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-11T01:29:19.566Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6a42e0e8-a8c7-4bc5-80ca-5ef69d1f0b6c?source=cve"
        },
        {
          "url": "https://docs.wpgridbuilder.com/changelog/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-07-10T12:58:36.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "WP Grid Builder \u003c= 2.3.3 - Authenticated (Subscriber+) Privilege Escalation via \u0027key\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-13756",
    "datePublished": "2026-07-11T01:29:19.566Z",
    "dateReserved": "2026-06-29T17:34:21.761Z",
    "dateUpdated": "2026-07-13T16:14:52.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-13228 (GCVE-0-2026-13228)

Vulnerability from cvelistv5 – Published: 2026-07-01 09:32 – Updated: 2026-07-01 15:33
VLAI
Title
LatePoint <= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via 'order[customer_id]' Parameter
Summary
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference (IDOR) in the create_or_update() function of OsOrdersController, which allows an authenticated Agent to supply an arbitrary order[customer_id] and overwrite any LatePoint customer's email field (including one linked to a WordPress Administrator's account) through the public-scope customer set_data() call, combined with a missing role verification in OsAuthHelper::authorize_customer() which logs in the linked WordPress user without checking its role. This makes it possible for authenticated attackers, with custom (Agent)-level access and above, to elevate their privileges to Administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-269 - Improper Privilege Management
Assigner
Impacted products
Credits
d.v4n_s3c
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-13228",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T15:33:15.747907Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T15:33:25.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "LatePoint \u2013 Calendar Booking Plugin for Appointments and Events",
          "vendor": "latepoint",
          "versions": [
            {
              "lessThanOrEqual": "5.6.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "d.v4n_s3c"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The LatePoint \u2013 Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in versions up to, and including, 5.6.3 This is due to an Insecure Direct Object Reference (IDOR) in the create_or_update() function of OsOrdersController, which allows an authenticated Agent to supply an arbitrary order[customer_id] and overwrite any LatePoint customer\u0027s email field (including one linked to a WordPress Administrator\u0027s account) through the public-scope customer set_data() call, combined with a missing role verification in OsAuthHelper::authorize_customer() which logs in the linked WordPress user without checking its role. This makes it possible for authenticated attackers, with custom (Agent)-level access and above, to elevate their privileges to Administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269 Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T09:32:28.123Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f9db3b8-dd37-4d8b-b041-50b453858a39?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.2/lib/controllers/orders_controller.php#L127"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.2/lib/controllers/orders_controller.php#L137"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.2/lib/helpers/auth_helper.php#L256"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/latepoint/tags/5.6.2/lib/controllers/orders_controller.php#L112"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3590914/latepoint/trunk/lib/controllers/orders_controller.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Flatepoint/tags/5.6.3\u0026new_path=%2Flatepoint/tags/5.6.4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-24T16:59:08.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2026-06-30T21:30:37.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "LatePoint \u003c= 5.6.3 - Authenticated (Custom+) Privilege Escalation to Administrator via \u0027order[customer_id]\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-13228",
    "datePublished": "2026-07-01T09:32:28.123Z",
    "dateReserved": "2026-06-24T16:43:26.354Z",
    "dateUpdated": "2026-07-01T15:33:25.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.