Common Weakness Enumeration

CWE-269

Discouraged

Improper Privilege Management

Abstraction: Class · Status: Draft

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

5432 vulnerabilities reference this CWE, most recent first.

GHSA-MFV5-8VH8-PCQG

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-27 12:00
VLAI
Details

A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-34622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-07T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .",
  "id": "GHSA-mfv5-8vh8-pcqg",
  "modified": "2022-10-27T12:00:26Z",
  "published": "2022-05-24T19:07:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34622"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MFVV-F9H5-2MQR

Vulnerability from github – Published: 2026-05-28 09:31 – Updated: 2026-05-28 09:31
VLAI
Details

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the backend. When $_POST['_acf_form'] is an array (rather than a form ID), the validate_form() function bypasses database lookup and directly processes the attacker-controlled structure. The create_record() function preserves attacker-supplied record data if present, and the user action's run() function falls back to attacker-controlled field definitions from $form['fields'] when legitimate fields cannot be found. The role field's pre_update_value() validation reads $field['role_options'] from this attacker-controlled definition, allowing an attacker to specify ['administrator'] as an allowed role and bypass the security check. This makes it possible for unauthenticated attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6226"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-28T09:16:47Z",
    "severity": "HIGH"
  },
  "details": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the backend. When $_POST[\u0027_acf_form\u0027] is an array (rather than a form ID), the validate_form() function bypasses database lookup and directly processes the attacker-controlled structure. The create_record() function preserves attacker-supplied record data if present, and the user action\u0027s run() function falls back to attacker-controlled field definitions from $form[\u0027fields\u0027] when legitimate fields cannot be found. The role field\u0027s pre_update_value() validation reads $field[\u0027role_options\u0027] from this attacker-controlled definition, allowing an attacker to specify [\u0027administrator\u0027] as an allowed role and bypass the security check. This makes it possible for unauthenticated attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field.",
  "id": "GHSA-mfvv-f9h5-2mqr",
  "modified": "2026-05-28T09:31:20Z",
  "published": "2026-05-28T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6226"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/fields/user/class-role.php#L107"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/actions/user.php#L458"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/display.php#L245"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/submit.php#L124"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php#L107"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/actions/user.php#L458"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/display.php#L245"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/submit.php#L124"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3525193%40acf-frontend-form-element\u0026new=3525193%40acf-frontend-form-element\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/123e1758-3384-4ea7-96dd-d6adcce40392?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG3Q-349P-VCPV

Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30
VLAI
Details

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.

This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-20282"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-03T17:15:47Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\n\n This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.",
  "id": "GHSA-mg3q-349p-vcpv",
  "modified": "2024-04-03T18:30:41Z",
  "published": "2024-04-03T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20282"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MG63-9VWR-F2MV

Vulnerability from github – Published: 2025-08-26 06:31 – Updated: 2025-08-26 06:31
VLAI
Details

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-5931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-26T05:15:32Z",
    "severity": "HIGH"
  },
  "details": "The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.",
  "id": "GHSA-mg63-9vwr-f2mv",
  "modified": "2025-08-26T06:31:00Z",
  "published": "2025-08-26T06:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5931"
    },
    {
      "type": "WEB",
      "url": "https://dokan.co/wordpress"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3664a96-4ce7-4561-9b4b-dff91cd49384?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGHH-6H8J-QQ5M

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17
VLAI
Details

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-11T16:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.",
  "id": "GHSA-mghh-6h8j-qq5m",
  "modified": "2022-05-24T19:17:10Z",
  "published": "2022-05-24T19:17:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27664"
    },
    {
      "type": "WEB",
      "url": "https://us-cert.gov/ics/advisories/icsa-21-280-01"
    },
    {
      "type": "WEB",
      "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MGHQ-FCPM-9VVG

Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18
VLAI
Details

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2002-0080"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2002-03-15T05:00:00Z",
    "severity": "LOW"
  },
  "details": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.",
  "id": "GHSA-mghq-fcpm-9vvg",
  "modified": "2022-04-30T18:18:29Z",
  "published": "2022-04-30T18:18:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0080"
    },
    {
      "type": "WEB",
      "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/security_center/static/8463.php"
    },
    {
      "type": "WEB",
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/4285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-MGJ6-95H9-VG3G

Vulnerability from github – Published: 2025-05-22 21:30 – Updated: 2025-05-23 15:31
VLAI
Details

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-22T19:15:40Z",
    "severity": "HIGH"
  },
  "details": "An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function",
  "id": "GHSA-mgj6-95h9-vg3g",
  "modified": "2025-05-23T15:31:09Z",
  "published": "2025-05-22T21:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40459"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link"
    },
    {
      "type": "WEB",
      "url": "https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGQ6-H57W-6G82

Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2025-04-12 12:59
VLAI
Details

The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-1575"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-02T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",
  "id": "GHSA-mgq6-h57w-6g82",
  "modified": "2025-04-12T12:59:23Z",
  "published": "2022-05-13T01:02:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1575"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.net/bugs/1534961"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360"
    },
    {
      "type": "WEB",
      "url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html"
    },
    {
      "type": "WEB",
      "url": "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/02/24/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MGR2-3MPV-43GC

Vulnerability from github – Published: 2019-02-18 23:47 – Updated: 2021-09-16 20:55
VLAI
Summary
Downloads Resources over HTTP in openframe-image
Details

Affected versions of openframe-image insecurely downloads resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.

Recommendation

No patch is currently available for this vulnerability.

The best mitigation is currently to avoid using this package, using a different package if available.

Alternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openframe-image"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-10616"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-311"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:46:06Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "Affected versions of `openframe-image` insecurely downloads resources over HTTP. \n\nIn scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.\n\n\n## Recommendation\n\nNo patch is currently available for this vulnerability.\n\nThe best mitigation is currently to avoid using this package, using a different package if available. \n\nAlternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.",
  "id": "GHSA-mgr2-3mpv-43gc",
  "modified": "2021-09-16T20:55:30Z",
  "published": "2019-02-18T23:47:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10616"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenframeProject/Openframe-Image"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-mgr2-3mpv-43gc"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/218"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Downloads Resources over HTTP in openframe-image"
}

GHSA-MGVJ-RWRG-MCH6

Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-16 00:00
VLAI
Details

Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26795"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-15T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.",
  "id": "GHSA-mgvj-rwrg-mch6",
  "modified": "2022-04-16T00:00:35Z",
  "published": "2022-04-16T00:00:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26795"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26795"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-48
Architecture and Design

Strategy: Separation of Privilege

Follow the principle of least privilege when assigning access rights to entities in a software system.

Mitigation MIT-49
Architecture and Design

Strategy: Separation of Privilege

Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.

CAPEC-122: Privilege Abuse

An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.

CAPEC-233: Privilege Escalation

An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.

CAPEC-58: Restful Privilege Elevation

An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.