CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5432 vulnerabilities reference this CWE, most recent first.
GHSA-MFV5-8VH8-PCQG
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-27 12:00A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .
{
"affected": [],
"aliases": [
"CVE-2021-34622"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-07T13:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the user profile update component found in the ~/src/Classes/EditUserProfile.php file of the ProfilePress WordPress plugin made it possible for users to escalate their privileges to that of an administrator while editing their profile. This issue affects versions 3.0.0 - 3.1.3. .",
"id": "GHSA-mfv5-8vh8-pcqg",
"modified": "2022-10-27T12:00:26Z",
"published": "2022-05-24T19:07:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34622"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/blog/2021/06/easily-exploitable-critical-vulnerabilities-patched-in-profilepress-plugin"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MFVV-F9H5-2MQR
Vulnerability from github – Published: 2026-05-28 09:31 – Updated: 2026-05-28 09:31The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the backend. When $_POST['_acf_form'] is an array (rather than a form ID), the validate_form() function bypasses database lookup and directly processes the attacker-controlled structure. The create_record() function preserves attacker-supplied record data if present, and the user action's run() function falls back to attacker-controlled field definitions from $form['fields'] when legitimate fields cannot be found. The role field's pre_update_value() validation reads $field['role_options'] from this attacker-controlled definition, allowing an attacker to specify ['administrator'] as an allowed role and bypass the security check. This makes it possible for unauthenticated attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field.
{
"affected": [],
"aliases": [
"CVE-2026-6226"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T09:16:47Z",
"severity": "HIGH"
},
"details": "The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and including 3.29.2. This is due to insecure form submission handling that accepts arbitrary form definitions from user input instead of securely loading them from the backend. When $_POST[\u0027_acf_form\u0027] is an array (rather than a form ID), the validate_form() function bypasses database lookup and directly processes the attacker-controlled structure. The create_record() function preserves attacker-supplied record data if present, and the user action\u0027s run() function falls back to attacker-controlled field definitions from $form[\u0027fields\u0027] when legitimate fields cannot be found. The role field\u0027s pre_update_value() validation reads $field[\u0027role_options\u0027] from this attacker-controlled definition, allowing an attacker to specify [\u0027administrator\u0027] as an allowed role and bypass the security check. This makes it possible for unauthenticated attackers to create administrator accounts by injecting a custom form configuration with a spoofed role field.",
"id": "GHSA-mfvv-f9h5-2mqr",
"modified": "2026-05-28T09:31:20Z",
"published": "2026-05-28T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6226"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/fields/user/class-role.php#L107"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/actions/user.php#L458"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/display.php#L245"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/tags/3.28.33/main/frontend/forms/classes/submit.php#L124"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/fields/user/class-role.php#L107"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/actions/user.php#L458"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/display.php#L245"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/frontend/forms/classes/submit.php#L124"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3525193%40acf-frontend-form-element\u0026new=3525193%40acf-frontend-form-element\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/123e1758-3384-4ea7-96dd-d6adcce40392?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MG3Q-349P-VCPV
Vulnerability from github – Published: 2024-04-03 18:30 – Updated: 2024-04-03 18:30A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.
This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.
{
"affected": [],
"aliases": [
"CVE-2024-20282"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-522"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-03T17:15:47Z",
"severity": "MODERATE"
},
"details": "A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device.\n\n This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this vulnerability by using this token to access resources within the device infrastructure. A successful exploit could allow an attacker to gain root access to the filesystem or hosted containers on an affected device.",
"id": "GHSA-mg3q-349p-vcpv",
"modified": "2024-04-03T18:30:41Z",
"published": "2024-04-03T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20282"
},
{
"type": "WEB",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndru-pesc-kZ2PQLZH"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MG63-9VWR-F2MV
Vulnerability from github – Published: 2025-08-26 06:31 – Updated: 2025-08-26 06:31The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.
{
"affected": [],
"aliases": [
"CVE-2025-5931"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-26T05:15:32Z",
"severity": "HIGH"
},
"details": "The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.",
"id": "GHSA-mg63-9vwr-f2mv",
"modified": "2025-08-26T06:31:00Z",
"published": "2025-08-26T06:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5931"
},
{
"type": "WEB",
"url": "https://dokan.co/wordpress"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3664a96-4ce7-4561-9b4b-dff91cd49384?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGHH-6H8J-QQ5M
Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-05-24 19:17Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.
{
"affected": [],
"aliases": [
"CVE-2021-27664"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-11T16:15:00Z",
"severity": "CRITICAL"
},
"details": "Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.",
"id": "GHSA-mghh-6h8j-qq5m",
"modified": "2022-05-24T19:17:10Z",
"published": "2022-05-24T19:17:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27664"
},
{
"type": "WEB",
"url": "https://us-cert.gov/ics/advisories/icsa-21-280-01"
},
{
"type": "WEB",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MGHQ-FCPM-9VVG
Vulnerability from github – Published: 2022-04-30 18:18 – Updated: 2022-04-30 18:18rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
{
"affected": [],
"aliases": [
"CVE-2002-0080"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-03-15T05:00:00Z",
"severity": "LOW"
},
"details": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.",
"id": "GHSA-mghq-fcpm-9vvg",
"modified": "2022-04-30T18:18:29Z",
"published": "2022-04-30T18:18:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0080"
},
{
"type": "WEB",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/8463.php"
},
{
"type": "WEB",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/4285"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MGJ6-95H9-VG3G
Vulnerability from github – Published: 2025-05-22 21:30 – Updated: 2025-05-23 15:31An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function
{
"affected": [],
"aliases": [
"CVE-2024-40459"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-22T19:15:40Z",
"severity": "HIGH"
},
"details": "An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function",
"id": "GHSA-mgj6-95h9-vg3g",
"modified": "2025-05-23T15:31:09Z",
"published": "2025-05-22T21:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40459"
},
{
"type": "WEB",
"url": "https://drive.google.com/file/d/1J2PsjRc6u2q4Teo3eVnBVmTEFjOgaPzX/view?usp=drive_link"
},
{
"type": "WEB",
"url": "https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGQ6-H57W-6G82
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2025-04-12 12:59The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
{
"affected": [],
"aliases": [
"CVE-2016-1575"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-05-02T10:59:00Z",
"severity": "HIGH"
},
"details": "The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.",
"id": "GHSA-mgq6-h57w-6g82",
"modified": "2025-04-12T12:59:23Z",
"published": "2022-05-13T01:02:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1575"
},
{
"type": "WEB",
"url": "https://launchpad.net/bugs/1534961"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360"
},
{
"type": "WEB",
"url": "http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1575.html"
},
{
"type": "WEB",
"url": "http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/02/24/7"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/10/18/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MGR2-3MPV-43GC
Vulnerability from github – Published: 2019-02-18 23:47 – Updated: 2021-09-16 20:55Affected versions of openframe-image insecurely downloads resources over HTTP.
In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.
Recommendation
No patch is currently available for this vulnerability.
The best mitigation is currently to avoid using this package, using a different package if available.
Alternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openframe-image"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.2.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-10616"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-311"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:46:06Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Affected versions of `openframe-image` insecurely downloads resources over HTTP. \n\nIn scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.\n\n\n## Recommendation\n\nNo patch is currently available for this vulnerability.\n\nThe best mitigation is currently to avoid using this package, using a different package if available. \n\nAlternatively, the risk of exploitation can be reduced by ensuring that this package is not installed while connected to a public network. If the package is installed on a private network, the only people who can exploit this vulnerability are those who have compromised your network or those who have privileged access to your ISP, such as Nation State Actors or Rogue ISP Employees.",
"id": "GHSA-mgr2-3mpv-43gc",
"modified": "2021-09-16T20:55:30Z",
"published": "2019-02-18T23:47:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10616"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenframeProject/Openframe-Image"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mgr2-3mpv-43gc"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/218"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Downloads Resources over HTTP in openframe-image"
}
GHSA-MGVJ-RWRG-MCH6
Vulnerability from github – Published: 2022-04-16 00:00 – Updated: 2022-04-16 00:00Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.
{
"affected": [],
"aliases": [
"CVE-2022-26795"
],
"database_specific": {
"cwe_ids": [
"CWE-269"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-15T19:15:00Z",
"severity": "HIGH"
},
"details": "Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26786, CVE-2022-26787, CVE-2022-26789, CVE-2022-26790, CVE-2022-26791, CVE-2022-26792, CVE-2022-26793, CVE-2022-26794, CVE-2022-26796, CVE-2022-26797, CVE-2022-26798, CVE-2022-26801, CVE-2022-26802, CVE-2022-26803.",
"id": "GHSA-mgvj-rwrg-mch6",
"modified": "2022-04-16T00:00:35Z",
"published": "2022-04-16T00:00:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26795"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26795"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26795"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.