Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-11003

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 Sep, 2019 | 14:38
Updated At-06 Aug, 2024 | 03:47
Rejected At-
Credits

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 Sep, 2019 | 14:38
Updated At:06 Aug, 2024 | 03:47
Rejected At:
▼CVE Numbering Authority (CNA)

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
x_refsource_MISC
http://www.pritect.net/blog/elegant-themes-security-vulnerability
x_refsource_MISC
Hyperlink: https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
Resource:
x_refsource_MISC
Hyperlink: http://www.pritect.net/blog/elegant-themes-security-vulnerability
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
x_refsource_MISC
x_transferred
http://www.pritect.net/blog/elegant-themes-security-vulnerability
x_refsource_MISC
x_transferred
Hyperlink: https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.pritect.net/blog/elegant-themes-security-vulnerability
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 Sep, 2019 | 15:15
Updated At:20 Sep, 2019 | 17:07

The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
elegantthemes
elegantthemes
>>monarch>>Versions before 1.1.1(exclusive)
cpe:2.3:a:elegantthemes:monarch:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.pritect.net/blog/elegant-themes-security-vulnerabilitycve@mitre.org
Third Party Advisory
https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-productscve@mitre.org
Third Party Advisory
Hyperlink: http://www.pritect.net/blog/elegant-themes-security-vulnerability
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

341Records found
CVE-2017-7922
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.6||HIGH
EPSS-38.10% / 97.12%
||
7 Day CHG~0.00%
Published-21 Jun, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration changes.

Action-Not Available
Vendor-cambium_networksn/a
Product-epmp_2000epmp_2000_firmwareepmp_elevate_firmwareepmp_1000_firmwareepmp_1000epmp_1000_hotspot_firmwareepmp_elevateepmp_1000_hotspotCambium Networks ePMP
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-7014
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.38%
||
7 Day CHG~0.00%
Published-03 Jun, 2020 | 17:55
Updated-04 Aug, 2024 | 09:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.

Action-Not Available
Vendor-Elasticsearch BV
Product-elasticsearchElasticsearch
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-6236
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-7.2||HIGH
EPSS-0.21% / 43.62%
||
7 Day CHG~0.00%
Published-14 Apr, 2020 | 18:38
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

Action-Not Available
Vendor-SAP SE
Product-landscape_managementadaptive_extensionsSAP Landscape ManagementSAP Adaptive Extensions
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-48757
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.13% / 32.89%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:38
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress JetEngine plugin <= 3.2.4 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Crocoblock JetEngine allows Privilege Escalation.This issue affects JetEngine: from n/a through 3.2.4.

Action-Not Available
Vendor-Crocoblock
Product-JetEngine
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51356
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.50%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:39
Updated-29 May, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARMember plugin <= 4.0.10 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.

Action-Not Available
Vendor-reputeinfosystemsRepute Infosystems
Product-armemberARMember
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-5773
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-8.8||HIGH
EPSS-0.31% / 53.63%
||
7 Day CHG~0.00%
Published-03 Aug, 2020 | 19:55
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations.

Action-Not Available
Vendor-teltonika-networksn/a
Product-trb245_firmwaretrb245Teltonika Gateway TRB245
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-8114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.56% / 80.75%
||
7 Day CHG~0.00%
Published-29 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin.

Action-Not Available
Vendor-n/aRoundcube Webmail Project
Product-webmailn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-23604
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.33% / 55.54%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 15:40
Updated-23 Apr, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in Defender

x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround.

Action-Not Available
Vendor-x26-cogs_projectTwentysix26
Product-x26-cogsx26-Cogs
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-4603
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-3.3||LOW
EPSS-0.21% / 42.79%
||
7 Day CHG~0.00%
Published-27 Aug, 2020 | 12:40
Updated-16 Sep, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Security Guardium Insights 2.0.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 184880.

Action-Not Available
Vendor-IBM Corporation
Product-security_guardium_insightsSecurity Guardium Insights
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-2637
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 63.10%
||
7 Day CHG~0.00%
Published-06 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 00:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-storage_plug-inHitachi Storage Plug-in for VMware vCenter
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-7489
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 48.51%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle 2.x and 3.x
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-6366
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 14:26
Updated-26 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation

The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the el_update_profile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change their capabilities to those of an administrator.

Action-Not Available
Vendor-ovatheme.com
Product-Event List
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-48171
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.41%
||
7 Day CHG~0.00%
Published-12 Aug, 2024 | 00:00
Updated-18 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.

Action-Not Available
Vendor-owaspn/aowasp
Product-defectdojon/adefectdojo
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47782
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.50%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:37
Updated-08 Aug, 2024 | 17:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Thrive Theme Builder theme < 3.24.0 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0.

Action-Not Available
Vendor-Thrive Themes LLC (Thrive Themes)
Product-Thrive Theme Builderthrive_themes_builder
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-6080
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.04% / 12.38%
||
7 Day CHG~0.00%
Published-16 Aug, 2025 | 03:38
Updated-18 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new users, including admins.

Action-Not Available
Vendor-dasinfomedia
Product-WPGYM - Wordpress Gym Management System
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-36156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.9||CRITICAL
EPSS-0.93% / 75.21%
||
7 Day CHG~0.00%
Published-04 Jan, 2021 | 17:22
Updated-04 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile update, and effectively escalate their privileges.

Action-Not Available
Vendor-n/aUltimate Member Group Ltd
Product-ultimate_membern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47837
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.3||HIGH
EPSS-0.25% / 47.89%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 10:10
Updated-29 May, 2025 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARMember plugin <= 4.0.10 - Membership Plan Bypass vulnerability

Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.

Action-Not Available
Vendor-reputeinfosystemsRepute Infosystemsarmemberplugin
Product-armemberARMemberarmember
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-36666
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.00%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 15:37
Updated-19 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple e-plugins - Subscriber+ Privilege Escalation

The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.

Action-Not Available
Vendor-e-pluginsUnknown
Product-directory_prowp_membershiphotel_directorylawyer_directoryinstitutions_directoryfitness_trainerhospital_\&_doctor_directoryreal_estate_proproducer-retailerfinal_userphotographer-directoryHotel Listingfinal-user-wp-frontend-user-profilesfitness-trainerdirectory-proinstitutions-directoryreal-estate-prodoctor-listingwp-membershipproducer-retailerlawyer-directoryphotographer-directory
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-57760
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.65%
||
7 Day CHG~0.00%
Published-25 Aug, 2025 | 16:22
Updated-25 Aug, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation

Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.

Action-Not Available
Vendor-langflow-ai
Product-langflow
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-5931
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.04% / 10.51%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 05:07
Updated-26 Aug, 2025 | 15:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dokan Pro <= 4.0.5 - Authenticated (Vendor+) Privilege Escalation

The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin not properly validating a user's identity prior to updating their password during a staff password reset. This makes it possible for authenticated attackers, with vendor-level access and above, to elevate their privilege to the level of a staff member and then change arbitrary user passwords, including those of administrators in order to gain access to their accounts. By default, the plugin allows customers to become vendors.

Action-Not Available
Vendor-weDevs Pte. Ltd.
Product-Dokan Pro
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-25311
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-7.3||HIGH
EPSS-0.19% / 41.00%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 00:00
Updated-21 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

Action-Not Available
Vendor-Siemens AG
Product-sinema_serversinec_network_management_systemSINEC NMSSINEMA Server V14
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1397
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.21% / 43.47%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 10:05
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
API Privilege Escalation in alextselegidis/easyappointments

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.

Action-Not Available
Vendor-easyappointmentsalextselegidis
Product-easyappointmentsalextselegidis/easyappointments
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-5491
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.27% / 50.57%
||
7 Day CHG~0.00%
Published-13 Jun, 2025 | 01:56
Updated-16 Jun, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acer ControlCenter - Remote Code Execution

Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.

Action-Not Available
Vendor-Acer Inc.
Product-ControlCenter
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-4697
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.8||HIGH
EPSS-0.07% / 23.22%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 00:00
Updated-01 Oct, 2024 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Privilege Management in usememos/memos

Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.

Action-Not Available
Vendor-Usememos
Product-memosusememos/memos
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-41966
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 18.39%
||
7 Day CHG~0.00%
Published-26 Oct, 2023 | 16:21
Updated-16 Jan, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions

The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.

Action-Not Available
Vendor-sielcoSielco
Product-analog_fm_transmitter_exc2000gxanalog_fm_transmitter_exc5000gtradio_link_exc19_firmwareanalog_fm_transmitter_exc1000gt_firmwareanalog_fm_transmitter_exc300gx_firmwareanalog_fm_transmitter_exc1600gx_firmwareanalog_fm_transmitter_exc100gtanalog_fm_transmitter_exc1000gx_firmwareanalog_fm_transmitter_exc300gt_firmwareanalog_fm_transmitter_exc5000gt_firmwareanalog_fm_transmitter_exc120gtanalog_fm_transmitter_exc120gx_firmwareanalog_fm_transmitter_exc5000gx_firmwareanalog_fm_transmitter_exc1600gxanalog_fm_transmitter_exc5000gxanalog_fm_transmitter_exc120gt_firmwareanalog_fm_transmitter_exc2000gx_firmwareradio_link_rtx19analog_fm_transmitter_exc3000gx_firmwareanalog_fm_transmitter_exc1000gxanalog_fm_transmitter_exc120gxanalog_fm_transmitter_exc300gtradio_link_exc19analog_fm_transmitter_exc100gt_firmwareanalog_fm_transmitter_exc3000gxradio_link_rtx19_firmwareanalog_fm_transmitter_exc300gxanalog_fm_transmitter_exc30gtanalog_fm_transmitter_exc30gt_firmwareanalog_fm_transmitter_exc1000gtRadio LinkAnalog FM transmitter
CWE ID-CWE-267
Privilege Defined With Unsafe Actions
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-5142
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.1||CRITICAL
EPSS-0.33% / 55.45%
||
7 Day CHG~0.00%
Published-13 Feb, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user with low privileges is able to open and change the parameters by accessing a specific URL because of Improper Privilege Management.

Action-Not Available
Vendor-n/aHoneywell International Inc.
Product-xl_web_ii_controllerHoneywell XL Web II Controller
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-46647
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
ShareView Details
Matching Score-4
Assigner-GitHub, Inc. (Products Only)
CVSS Score-8||HIGH
EPSS-0.50% / 64.94%
||
7 Day CHG~0.00%
Published-21 Dec, 2023 | 20:45
Updated-02 Aug, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making requests to the endpoint used for bootstrapping the instance. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.12, 3.9.6, 3.10.3, and 3.11.0.

Action-Not Available
Vendor-GitHub, Inc.
Product-enterprise_serverEnterprise Server
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-3112
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-0.59% / 68.24%
||
7 Day CHG~0.00%
Published-19 Feb, 2020 | 19:16
Updated-15 Nov, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Data Center Network Manager Privilege Escalation Vulnerability

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to elevate privileges on the application. The vulnerability is due to insufficient access control validation. An attacker could exploit this vulnerability by authenticating with a low-privilege account and sending a crafted request to the API. A successful exploit could allow the attacker to interact with the API with administrative privileges.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-data_center_network_managerCisco Data Center Network Manager
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-3852
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.77%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 01:43
Updated-07 May, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.

Action-Not Available
Vendor-eoxia
Product-WPshop 2 – E-Commerce
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-2273
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.64% / 69.69%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:51
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Membership < 4.1.3 - Membership Privilege Escalation

The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request.

Action-Not Available
Vendor-simple-membership-pluginUnknown
Product-simple_membershipSimple Membership
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-45222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.43% / 61.67%
||
7 Day CHG~0.00%
Published-24 Jan, 2022 | 19:55
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.

Action-Not Available
Vendor-coins-globaln/a
Product-coins_construction_cloudn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20075
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script payment.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-4607
Matching Score-4
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-4
Assigner-Lenovo Group Ltd.
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.51%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 20:25
Updated-03 Dec, 2024 | 14:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authenticated XCC user can change permissions for any user through a crafted API command.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sn550thinksystem_sr530_firmwarethinkagile_hx3375_firmwarethinksystem_sr675_v3_firmwarethinkagile_hx5530thinksystem_sr570_firmwarethinksystem_sr665_firmwarethinksystem_sd630_v2_firmwarethinkagile_hx3721thinksystem_sr158thinksystem_sd665_v3_firmwarethinkagile_hx3520-g_firmwarethinkagile_hx3521-g_firmwarethinkagile_mx630_v3_intergrated_system_firmwarethinksystem_sr850_v3_firmwarethinksystem_sd650_dwc_dual_node_traythinksystem_st250thinkagile_vx1320_firmwarethinksystem_sr850thinksystem_sr158_firmwarethinkagile_vx3320_firmwarethinkagile_hx7530_firmwarethinkagile_hx2330thinkagile_vx7820thinksystem_sn850thinkagile_mx3331-f_all-flashthinkagile_vx7530_firmwarethinkagile_hx5520thinkagile_vx3320thinkagile_vx5520_firmwarethinksystem_st550_firmwarethinksystem_sr630thinkagile_mx1021_on_se350_firmwarethinksystem_sr950thinkagile_vx7320_nthinksystem_st658_v2thinkagile_hx1521-r_firmwarethinkagile_hx7820thinkagile_vx2320thinkagile_vx7520_nthinkagile_hx7520_firmwarethinkagile_vx_2u4nthinksystem_sr860_firmwarethinksystem_sr650_v2_firmwarethinkagile_hx5520-cthinksystem_sr630_v2thinksystem_sr860_v2thinkagile_hx_enclosure_firmwarethinkagile_hx3720thinkagile_hx7820_firmwarethinksystem_sd530thinksystem_sn850_firmwarethinkagile_mx1021_on_se350thinksystem_st650_v2thinkagile_vx_4u_firmwarethinksystem_sr258_v2thinkagile_hx7521_firmwarethinkagile_mx3531_h_hybrid_firmwarethinkagile_hx3375thinkagile_vx2320_firmwarethinkagile_mx3530-h_hybridthinkagile_vx3330thinkagile_hx2720-e_firmwarethinkagile_hx3331_firmwarethinkserver_sr590thinksystem_st250_firmwarethinksystem_sr645_v3thinkagile_hx3330_firmwarethinksystem_sr570thinksystem_sd650-n_v2thinksystem_sr670_v2_firmwarethinkagile_hx3321_firmwarethinkagile_vx7520thinksystem_sr670_v2thinkagile_vx_4uthinkagile_mx3331-h_hybridthinksystem_sr655_v3_firmwarethinkagile_hx2320-e_firmwarethinkagile_hx1331thinkagile_hx3331thinkagile_hx7521thinksystem_sd650_dual_node_traythinkagile_vx5520thinksystem_sr550thinkagile_mx3531-f_all-flash_firmwarethinkagile_mx650_v3_firmwarethinkagile_vx7530thinkagile_vx3520-g_firmwarethinksystem_se350_firmwarethinkagile_mx3330-f_all-flashthinksystem_st250_v2thinkagile_hx2321_firmwarethinksystem_sr860_v2_firmwarethinkagile_hx2321thinkagile_hx3721_firmwarethinksystem_st258thinkagile_mx3330-f_all-flash_firmwarethinksystem_sr850p_firmwarethinkagile_hx1320thinkagile_hx1321_firmwarethinksystem_sr850pthinkagile_hx1320_firmwarethinksystem_sn550_v2thinksystem_sd650_v3_firmwarethinksystem_sr258_v2_firmwarethinkagile_hx3320_firmwarethinkagile_hx3521-gthinkagile_hx2331_firmwarethinksystem_st650_v2_firmwarethinksystem_st258_v2_firmwarethinksystem_sd650_dwc_dual_node_tray_firmwarethinksystem_st258_firmwarethinkagile_hx3376_firmwarethinkagile_vx7531_firmwarethinkagile_vx2330thinkagile_vx7330_firmwarethinkagile_hx7821_firmwarethinksystem_sr850_firmwarethinkagile_vx3330_firmwarethinksystem_st550thinkagile_hx7531thinkagile_vx3520-gthinksystem_st658_v2_firmwarethinkagile_vx7531thinksystem_sr670_firmwarethinkagile_mx_edge-_mx1020_thinkagile_vx_2u4n_firmwarethinksystem_sr150thinkagile_mx3531_h_hybridthinksystem_sr850_v2_firmwarethinkagile_vx3720thinksystem_sr250_v2thinkagile_hx2330_firmwarethinksystem_sd650_v2_firmwarethinksystem_sr665_v3_firmwarethinkagile_mx3330-h_hybrid_firmwarethinkagile_hx_enclosurethinkagile_hx1321thinksystem_st250_v2_firmwarethinkagile_hx7520thinkagile_hx3330thinkedge_se450__firmwarethinksystem_sr645_v3_firmwarethinkagile_hx2720-ethinkagile_hx1331_firmwarethinksystem_sr650_firmwarethinksystem_sd650-n_v2_firmwarethinksystem_sn550_v2_firmwarethinksystem_sr860_v3_firmwarethinkagile_hx3321thinkagile_hx7530thinksystem_sr250thinksystem_sr530thinkagile_hx5520_firmwarethinkagile_mx3331-f_all-flash_firmwarethinksystem_sr850_v2thinksystem_se350thinkagile_mx3530_f_all_flashthinksystem_sr665thinksystem_sr150_firmwarethinkagile_hx1021_edgthinkagile_hx3520-gthinksystem_sr635_v3_firmwarethinkagile_vx7320_n_firmwarethinkagile_hx1021_edg_firmwarethinksystem_sr860thinkagile_hx7821thinkagile_hx3720_firmwarethinkagile_hx5521_firmwarethinkedge_se450thinkagile_mx3530_f_all_flash_firmwarethinksystem_sd650_dual_node_tray_firmwarethinkagile_mx3330-h_hybridthinkagile_hx5530_firmwarethinkagile_vx3331thinksystem_st258_v2thinkagile_vx7820_firmwarethinkagile_hx5520-c_firmwarethinksystem_st658_v3_firmwarethinksystem_sd530_firmwarethinkagile_vx_1sethinksystem_sr630_v3_firmwarethinkagile_hx5521-c_firmwarethinksystem_sd650_v2thinksystem_sr650_v2thinkagile_vx7330thinksystem_sn550_firmwarethinksystem_sr250_firmwarethinkagile_hx5521-cthinksystem_sr258_firmwarethinksystem_sr590_firmwarethinkagile_mx3530-h_hybrid_firmwarethinkagile_hx1520-rthinksystem_sd630_v2thinkagile_hx1521-rthinkagile_hx1520-r_firmwarethinkagile_hx3320thinkagile_vx3720_firmwarethinkagile_hx5531thinkagile_vx_1se_firmwarethinksystem_sr630_firmwarethinkagile_vx7520_n_firmwarethinksystem_sr650_v3_firmwarethinksystem_sr550_firmwarethinkagile_hx2331thinkagile_mx_edge-_mx1020__firmwarethinkagile_hx2320-ethinkagile_vx5530thinkagile_hx7531_firmwarethinkagile_mx630_v3_firmwarethinkagile_vx1320thinksystem_sr645thinksystem_sr670thinkagile_mx3531-f_all-flashthinkagile_vx3331_firmwarethinkagile_vx7520_firmwarethinksystem_sr950_firmwarethinkagile_vx2330_firmwarethinkagile_mx650_v3_intergrated_system_firmwarethinkagile_vx3530-g_firmwarethinksystem_sr630_v2_firmwarethinksystem_st650_v3_firmwarethinkagile_hx3376thinkagile_hx5531_firmwarethinkagile_vx5530_firmwarethinkagile_mx3331-h_hybrid_firmwarethinkagile_vx3530-gthinksystem_sr650thinksystem_sr258thinkagile_hx5521thinksystem_sr645_firmwareLenovo XClarity Controller (XCC)
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-18596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.94%
||
7 Day CHG~0.00%
Published-10 Sep, 2019 | 10:55
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

Action-Not Available
Vendor-elementorn/a
Product-elementor_page_buildern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-43858
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-46.63% / 97.58%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 21:20
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User privilege escalation in MinIO

MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users.

Action-Not Available
Vendor-miniominio
Product-miniominio
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2017-20080
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:06
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script googleads.php privileges management

A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-46145
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.16% / 37.50%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:32
Updated-05 May, 2025 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Themify Ultra theme <= 7.3.5 - Authenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5.

Action-Not Available
Vendor-themifyThemify
Product-ultraThemify Ultra
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20037
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.48%
||
7 Day CHG~0.00%
Published-11 Jun, 2022 | 10:00
Updated-15 Apr, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SICUNET Access Controller privileges management

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely.

Action-Not Available
Vendor-sicunetSICUNET
Product-access_controlAccess Controller
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20074
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script newsletter1.php privileges management

A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20071
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script renewaldue.php privileges management

A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20078
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:06
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script featured.php privileges management

A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20081
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:06
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script reports.php privileges management

A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/reports.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20068
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.27% / 50.16%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script usermanagement.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20072
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script generalsettings.php privileges management

A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20079
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:06
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script photo.php privileges management

A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20070
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script communitymanagement.php privileges management

A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-25194
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.8||HIGH
EPSS-0.15% / 36.87%
||
7 Day CHG~0.00%
Published-23 Dec, 2020 | 14:08
Updated-16 Sep, 2024 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MOXA NPort IAW5000A-I/O Series

The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges.

Action-Not Available
Vendor-Moxa Inc.
Product-nport_iaw5000a-i\/onport_iaw5000a-i\/o_firmwareNPort IAW5000A-I/O
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-26596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-16.94% / 94.71%
||
7 Day CHG~0.00%
Published-07 Oct, 2020 | 15:32
Updated-04 Aug, 2024 | 15:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet. NOTE: this issue can be mitigated by removing the Dynamic OOO widget or by restricting availability of the Editor role.

Action-Not Available
Vendor-elementorn/aWordPress.org
Product-wordpresselementor_pron/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20077
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.28% / 50.92%
||
7 Day CHG~0.00%
Published-21 Jun, 2022 | 06:05
Updated-15 Apr, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hindu Matrimonial Script success_story.php privileges management

A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-hindu_matrimonial_script_projectunspecified
Product-hindu_matrimonial_scriptHindu Matrimonial Script
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-22509
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.61%
||
7 Day CHG~0.00%
Published-02 Feb, 2022 | 12:26
Updated-17 Sep, 2024 | 01:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHOENIX CONTACT: FL SWITCH 2xxx series incorrect privilege assignment

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

Action-Not Available
Vendor-n/aPhoenix Contact GmbH & Co. KG
Product-fl_switch_2212-2tc-2sfx_firmwarefl_switch_2312-2gc-2sfp_firmwarefl_switch_2308_pn_firmwarefl_switch_2306-2sfp_firmwarefl_switch_2108fl_switch_2008fl_switch_2206-2sfxfl_switch_2406-2sfx_firmwarefl_switch_2314-2sfp_pn_firmwarefl_switch_2116fl_switch_2316\/k1_firmwarefl_switch_2008f_firmwarefl_switch_2206-2fx_stfl_switch_2306-2sfp_pn_firmwarefl_switch_2208_pnfl_switch_2216_pn_firmwarefl_switch_2408_pn_firmwarefl_switch_2214-2fx_firmwarefl_switch_2608_pnfl_switch_2206-2fx_st_firmwarefl_switch_2414-2sfx_pn_firmwarefl_switch_2308fl_switch_2314-2sfpfl_switch_2314-2sfp_pnfl_switch_2214-2fx_sm_firmwarefl_switch_2216_pnfl_switch_2005_firmwarefl_switch_2206c-2fx_firmwarefl_switch_2416_pnfl_switch_2316_pnfl_switch_2216fl_switch_2708_pnfl_switch_2404-2tc-2sfx_firmwarefl_switch_2506-2sfp_pn_firmwarefl_switch_2205fl_switch_2408_pnfl_switch_2206-2fx_sm_firmwarefl_switch_2608fl_switch_2208_pn_firmwarefl_switch_2516_pn_firmwarefl_switch_2506-2sfp\/k1_firmwarefl_switch_2406-2sfxfl_switch_2214-2sfxfl_switch_2208cfl_switch_2506-2sfp_firmwarefl_switch_2016_firmwarefl_switch_2207-fx_firmwarefl_switch_2514-2sfp_pnfl_switch_2508fl_switch_2308_pnfl_switch_2212-2tc-2sfxfl_switch_2414-2sfx_pnfl_switch_2008_firmwarefl_switch_2214-2sfx_firmwarefl_switch_2416fl_switch_2608_firmwarefl_switch_2116_firmwarefl_switch_2206-2sfx_pnfl_switch_2504-2gc-2sfpfl_switch_2406-2sfx_pn_firmwarefl_switch_2414-2sfxfl_switch_2708_firmwarefl_switch_2304-2gc-2sfp_firmwarefl_switch_2408_firmwarefl_switch_2516_pnfl_switch_2508_pn_firmwarefl_switch_2316_firmwarefl_switch_2206-2sfx_firmwarefl_switch_2514-2sfp_firmwarefl_switch_2016fl_switch_2105fl_switch_2416_pn_firmwarefl_switch_2406-2sfx_pnfl_switch_2412-2tc-2sfxfl_switch_2312-2gc-2sfpfl_switch_2512-2gc-2sfpfl_switch_2514-2sfpfl_switch_2504-2gc-2sfp_firmwarefl_switch_2506-2sfp\/k1fl_switch_2508_firmwarefl_switch_2207-fx_sm_firmwarefl_switch_2214-2fx_smfl_switch_2316\/k1fl_switch_2316fl_switch_2204-2tc-2sfx_firmwarefl_switch_2608_pn_firmwarefl_switch_2214-2sfx_pnfl_switch_2508\/k1_firmwarefl_switch_2506-2sfp_pnfl_switch_2514-2sfp_pn_firmwarefl_switch_2008ffl_switch_2416_firmwarefl_switch_2214-2sfx_pn_firmwarefl_switch_2206-2fxfl_switch_2314-2sfp_firmwarefl_switch_2204-2tc-2sfxfl_switch_2414-2sfx_firmwarefl_switch_2206-2fx_sm_st_firmwarefl_switch_2206-2sfx_pn_firmwarefl_switch_2708fl_switch_2207-fx_smfl_switch_2708_pn_firmwarefl_switch_2512-2gc-2sfp_firmwarefl_switch_2508_pnfl_switch_2412-2tc-2sfx_firmwarefl_switch_2205_firmwarefl_switch_2316_pn_firmwarefl_switch_2105_firmwarefl_switch_2208fl_switch_2214-2fxfl_switch_2508\/k1fl_switch_2516fl_switch_2206-2fx_firmwarefl_switch_2308_firmwarefl_switch_2005fl_switch_2306-2sfp_pnfl_switch_2216_firmwarefl_switch_2506-2sfpfl_switch_2206c-2fxfl_switch_2408fl_switch_2306-2sfpfl_switch_2206-2fx_smfl_switch_2206-2fx_sm_stfl_switch_2304-2gc-2sfpfl_switch_2404-2tc-2sfxfl_switch_2207-fxfl_switch_2516_firmwarefl_switch_2208c_firmwarefl_switch_2208_firmwarefl_switch_2108_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • Next
Details not found