Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-5542-H87W-J2J2

Vulnerability from github – Published: 2026-06-26 15:32 – Updated: 2026-06-26 15:32
VLAI
Details

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-56010"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-26T15:16:42Z",
    "severity": "HIGH"
  },
  "details": "Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce \u003c= 10.4.0 versions.",
  "id": "GHSA-5542-h87w-j2j2",
  "modified": "2026-06-26T15:32:15Z",
  "published": "2026-06-26T15:32:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-56010"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-abandon-cart-pro/vulnerability/wordpress-abandoned-cart-pro-for-woocommerce-plugin-10-4-0-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5589-95H2-HHJV

Vulnerability from github – Published: 2025-12-18 09:30 – Updated: 2026-01-20 15:32
VLAI
Details

Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-18T08:16:10Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through \u003c= 8.6.9.",
  "id": "GHSA-5589-95h2-hhjv",
  "modified": "2026-01-20T15:32:31Z",
  "published": "2025-12-18T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64188"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Theme/soledad/vulnerability/wordpress-soledad-theme-8-6-9-privilege-escalation-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Theme/soledad/vulnerability/wordpress-soledad-theme-8-6-9-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5742-QXVW-5848

Vulnerability from github – Published: 2025-05-19 21:30 – Updated: 2026-04-01 18:35
VLAI
Details

Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39459"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-19T19:15:50Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.This issue affects Real Estate 7: from n/a through 3.5.2.",
  "id": "GHSA-5742-qxvw-5848",
  "modified": "2026-04-01T18:35:12Z",
  "published": "2025-05-19T21:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39459"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/theme/realestate-7/vulnerability/wordpress-real-estate-7-theme-3-5-2-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-5769-WGJ3-Q779

Vulnerability from github – Published: 2026-01-15 15:31 – Updated: 2026-01-15 15:31
VLAI
Details

An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-22914"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-15T13:16:06Z",
    "severity": "MODERATE"
  },
  "details": "An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.",
  "id": "GHSA-5769-wgj3-q779",
  "modified": "2026-01-15T15:31:18Z",
  "published": "2026-01-15T15:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22914"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
    },
    {
      "type": "WEB",
      "url": "https://www.first.org/cvss/calculator/3.1"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.json"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/.well-known/csaf/white/2026/sca-2026-0001.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.sick.com/media/docs/9/19/719/special_information_sick_operating_guidelines_cybersecurity_by_sick_en_im0106719.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-577H-JJ3M-6VW4

Vulnerability from github – Published: 2025-11-06 18:32 – Updated: 2026-01-20 15:31
VLAI
Details

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through <= 1.1.8.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-06T16:15:54Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.This issue affects Advanced scrollbar: from n/a through \u003c= 1.1.8.",
  "id": "GHSA-577h-jj3m-6vw4",
  "modified": "2026-01-20T15:31:47Z",
  "published": "2025-11-06T18:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49900"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/advanced-scrollbar/vulnerability/wordpress-advanced-scrollbar-plugin-1-1-8-privilege-escalation-vulnerability?_s_id=cve"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/advanced-scrollbar/vulnerability/wordpress-advanced-scrollbar-plugin-1-1-8-privilege-escalation-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://vdp.patchstack.com/database/Wordpress/Plugin/advanced-scrollbar/vulnerability/wordpress-advanced-scrollbar-plugin-1-1-8-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57C7-RCV3-9V8R

Vulnerability from github – Published: 2026-05-27 12:31 – Updated: 2026-05-27 12:31
VLAI
Details

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through <= 5.4.9.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-42731"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-27T11:16:19Z",
    "severity": "CRITICAL"
  },
  "details": "Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through \u003c= 5.4.9.",
  "id": "GHSA-57c7-rcv3-9v8r",
  "modified": "2026-05-27T12:31:22Z",
  "published": "2026-05-27T12:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42731"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/miniorange-otp-verification/vulnerability/wordpress-miniorange-otp-verification-plugin-5-4-9-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-57G4-CRPH-5QV5

Vulnerability from github – Published: 2026-02-07 09:32 – Updated: 2026-02-07 09:32
VLAI
Details

A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management Endpoint. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-07T07:15:46Z",
    "severity": "MODERATE"
  },
  "details": "A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\UserController.java of the component User Management Endpoint. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-57g4-crph-5qv5",
  "modified": "2026-02-07T09:32:02Z",
  "published": "2026-02-07T09:32:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2076"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse/issues/53"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse/issues/53#issue-3846651070"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344642"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344642"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745509"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-584J-3PF8-566F

Vulnerability from github – Published: 2026-03-25 18:31 – Updated: 2026-03-26 18:31
VLAI
Details

Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through <= 1.6.18.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-25414"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-25T17:16:50Z",
    "severity": "HIGH"
  },
  "details": "Incorrect Privilege Assignment vulnerability in iqonicdesign WPBookit Pro wpbookit-pro allows Privilege Escalation.This issue affects WPBookit Pro: from n/a through \u003c= 1.6.18.",
  "id": "GHSA-584j-3pf8-566f",
  "modified": "2026-03-26T18:31:34Z",
  "published": "2026-03-25T18:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25414"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/wpbookit-pro/vulnerability/wordpress-wpbookit-pro-plugin-1-6-18-privilege-escalation-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58QW-QVFH-938C

Vulnerability from github – Published: 2026-04-29 15:30 – Updated: 2026-06-06 09:31
VLAI
Details

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.

This issue affects Pardus Software Center: before 1.0.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-5141"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-29T15:16:07Z",
    "severity": "HIGH"
  },
  "details": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\n\nThis issue affects Pardus Software Center: before 1.0.3.",
  "id": "GHSA-58qw-qvfh-938c",
  "modified": "2026-06-06T09:31:16Z",
  "published": "2026-04-29T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5141"
    },
    {
      "type": "WEB",
      "url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
    },
    {
      "type": "WEB",
      "url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-58WC-8WRV-XP9J

Vulnerability from github – Published: 2026-06-16 21:31 – Updated: 2026-06-18 20:14
VLAI
Summary
Duplicate Advisory: Active Memory write scope could mutate global config
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-x629-46cc-7xgw. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2026.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T20:14:57Z",
    "nvd_published_at": "2026-06-16T19:17:01Z",
    "severity": "MODERATE"
  },
  "details": "## Duplicate Advisory\n\nThis advisory has been withdrawn because it is a duplicate of\u00a0GHSA-x629-46cc-7xgw. This link is maintained to preserve external references.\n\n## Original Description\nOpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.",
  "id": "GHSA-58wc-8wrv-xp9j",
  "modified": "2026-06-18T20:14:57Z",
  "published": "2026-06-16T21:31:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-x629-46cc-7xgw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53847"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-active-memory-write-scope"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: Active Memory write scope could mutate global config",
  "withdrawn": "2026-06-18T20:14:57Z"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.