CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5447 vulnerabilities reference this CWE, most recent first.
GHSA-F3HJ-PX43-QPFM
Vulnerability from github – Published: 2024-11-16 06:30 – Updated: 2024-11-16 06:30The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.
{
"affected": [],
"aliases": [
"CVE-2024-9192"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-16T04:15:06Z",
"severity": "HIGH"
},
"details": "The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_request_result() function in all versions up to, and including, 1.20.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta on a WordPress site. This can be leveraged to update their capabilities to that of an administrator.",
"id": "GHSA-f3hj-px43-qpfm",
"modified": "2024-11-16T06:30:41Z",
"published": "2024-11-16T06:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9192"
},
{
"type": "WEB",
"url": "https://codecanyon.net/item/wordpress-video-robot-plugin/8619739"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2da019d3-4aca-485a-aa0c-73728dc1e7c1?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3MQ-FXWR-3X7M
Vulnerability from github – Published: 2022-05-24 17:21 – Updated: 2022-05-24 17:21Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.
{
"affected": [],
"aliases": [
"CVE-2020-9596"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-06-25T22:15:00Z",
"severity": "MODERATE"
},
"details": "Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a security bypass vulnerability. Successful exploitation could lead to security feature bypass.",
"id": "GHSA-f3mq-fxwr-3x7m",
"modified": "2022-05-24T17:21:51Z",
"published": "2022-05-24T17:21:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9596"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb20-24.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F3P2-QQMM-JG8F
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2025-04-20 03:48Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two 'roles' keys are available in the JSON, the second one will be used for authorising the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.
{
"affected": [],
"aliases": [
"CVE-2017-12635"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-14T20:29:00Z",
"severity": "CRITICAL"
},
"details": "Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keys for \u0027roles\u0027 used for access control within the database, including the special case \u0027_admin\u0027 role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behaviour that if two \u0027roles\u0027 keys are available in the JSON, the second one will be used for authorising the document write, but the first \u0027roles\u0027 key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.",
"id": "GHSA-f3p2-qqmm-jg8f",
"modified": "2025-04-20T03:48:22Z",
"published": "2022-05-13T01:42:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12635"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67%40%3Cdev.couchdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201711-16"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbmu03935en_us"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/44498"
},
{
"type": "WEB",
"url": "https://www.exploit-db.com/exploits/45019"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101868"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3P6-32MJ-FJ25
Vulnerability from github – Published: 2024-05-17 09:31 – Updated: 2024-05-17 09:31Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.
{
"affected": [],
"aliases": [
"CVE-2023-41954"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-17T07:15:59Z",
"severity": "HIGH"
},
"details": "Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.",
"id": "GHSA-f3p6-32mj-fj25",
"modified": "2024-05-17T09:31:00Z",
"published": "2024-05-17T09:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-41954"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wp-user-avatar/wordpress-profilepress-plugin-4-13-1-unauthenticated-limited-privilege-escalation-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F3Q2-677P-C93V
Vulnerability from github – Published: 2026-06-27 06:30 – Updated: 2026-06-27 06:30The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentication, ownership, or a nonce. This makes it possible for unauthenticated attackers to change the email address of any user, including administrators, and then trigger WordPress's password reset flow to gain access to the targeted account.
{
"affected": [],
"aliases": [
"CVE-2026-12415"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-27T05:16:41Z",
"severity": "CRITICAL"
},
"details": "The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1.0.0. The handler is exposed via wp_ajax_nopriv_pravel_invoice_edit_account, accepts an attacker-controlled user_id and user_email from POST data, and calls wp_update_user() without verifying authentication, ownership, or a nonce. This makes it possible for unauthenticated attackers to change the email address of any user, including administrators, and then trigger WordPress\u0027s password reset flow to gain access to the targeted account.",
"id": "GHSA-f3q2-677p-c93v",
"modified": "2026-06-27T06:30:26Z",
"published": "2026-06-27T06:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12415"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/invoice-creator/trunk/lib/user-manage-function.php#L184"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/invoice-creator/trunk/lib/user-manage-function.php#L193"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/invoice-creator/trunk/lib/user-manage-function.php#L203"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee045d0d-101a-4ae2-b209-4a4865eec195?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F3W5-7QJV-Q377
Vulnerability from github – Published: 2022-05-24 19:06 – Updated: 2022-05-24 19:06There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.
{
"affected": [],
"aliases": [
"CVE-2021-22376"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-276"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-30T14:15:00Z",
"severity": "CRITICAL"
},
"details": "There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.",
"id": "GHSA-f3w5-7qjv-q377",
"modified": "2022-05-24T19:06:37Z",
"published": "2022-05-24T19:06:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22376"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/5"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-F444-F4GW-JHG6
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.
{
"affected": [],
"aliases": [
"CVE-2021-27379"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-18T17:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Xen through 4.11.x, allowing x86 Intel HVM guest OS users to achieve unintended read/write DMA access, and possibly cause a denial of service (host OS crash) or gain privileges. This occurs because a backport missed a flush, and thus IOMMU updates were not always correct. NOTE: this issue exists because of an incomplete fix for CVE-2020-15565.",
"id": "GHSA-f444-f4gw-jhg6",
"modified": "2022-05-24T17:42:38Z",
"published": "2022-05-24T17:42:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27379"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4888"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-366.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/02/23/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-366.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F44V-C5F2-RWQC
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2023-08-02 00:30Windows Event Tracing Elevation of Privilege Vulnerability
{
"affected": [],
"aliases": [
"CVE-2021-40477"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-13T01:15:00Z",
"severity": "HIGH"
},
"details": "Windows Event Tracing Elevation of Privilege Vulnerability",
"id": "GHSA-f44v-c5f2-rwqc",
"modified": "2023-08-02T00:30:37Z",
"published": "2022-05-24T19:17:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40477"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-40477"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F44X-M52X-FPCF
Vulnerability from github – Published: 2022-01-26 00:00 – Updated: 2022-08-10 00:00The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.
{
"affected": [],
"aliases": [
"CVE-2021-45729"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T20:15:00Z",
"severity": "MODERATE"
},
"details": "The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions \u003c= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.",
"id": "GHSA-f44x-m52x-fpcf",
"modified": "2022-08-10T00:00:32Z",
"published": "2022-01-26T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45729"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/gmap-embed/wordpress-wp-google-map-plugin-1-8-0-privilege-escalation-vulnerability"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/gmap-embed/#developers"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-F49Q-7V8H-XWXV
Vulnerability from github – Published: 2025-05-12 18:31 – Updated: 2025-05-12 18:31An authenticated administrator could modify the Created By username for a user account
{
"affected": [],
"aliases": [
"CVE-2025-46744"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-12T17:15:48Z",
"severity": "LOW"
},
"details": "An authenticated administrator could modify the Created By username for a user account",
"id": "GHSA-f49q-7v8h-xwxv",
"modified": "2025-05-12T18:31:47Z",
"published": "2025-05-12T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46744"
},
{
"type": "WEB",
"url": "https://selinc.com/products/software/latest-software-versions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.