Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

CVE-2024-8420 (GCVE-0-2024-8420)

Vulnerability from cvelistv5 – Published: 2025-02-28 08:23 – Updated: 2026-04-08 17:29
VLAI
Title
DHVC Form <= 2.4.7 - Unauthenticated Privilege Escalation
Summary
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
SiteSao DHVC Form Affected: 0 , ≤ 2.4.7 (semver)
Create a notification for this product.
Credits
Tonn
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8420",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-28T14:44:12.231449Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-28T14:45:44.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "DHVC Form",
          "vendor": "SiteSao",
          "versions": [
            {
              "lessThanOrEqual": "2.4.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tonn"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the \u0027role\u0027 field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:29:43.170Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4d51a0c-c625-4732-b345-df02971fbffa?source=cve"
        },
        {
          "url": "https://codecanyon.net/item/dhvc-form-wordpress-form-for-visual-composer/8326593"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-27T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "DHVC Form \u003c= 2.4.7 - Unauthenticated Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-8420",
    "datePublished": "2025-02-28T08:23:19.298Z",
    "dateReserved": "2024-09-04T13:55:12.359Z",
    "dateUpdated": "2026-04-08T17:29:43.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8253 (GCVE-0-2024-8253)

Vulnerability from cvelistv5 – Published: 2024-09-11 03:31 – Updated: 2024-09-11 18:56
VLAI
Title
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation
Summary
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
pickplugins Post Grid and Gutenberg Blocks Affected: 2.2.87 , ≤ 2.2.90 (semver)
Create a notification for this product.
pickplugins post_grid Affected: 2.2.87 , ≤ 2.2.90 (semver)
    cpe:2.3:a:pickplugins:post_grid:-:*:*:*:*:wordpress:*:*
Create a notification for this product.
Credits
wesley
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pickplugins:post_grid:-:*:*:*:*:wordpress:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "post_grid",
            "vendor": "pickplugins",
            "versions": [
              {
                "lessThanOrEqual": "2.2.90",
                "status": "affected",
                "version": "2.2.87",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8253",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-11T18:54:38.277289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T18:56:30.780Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Post Grid and Gutenberg Blocks",
          "vendor": "pickplugins",
          "versions": [
            {
              "lessThanOrEqual": "2.2.90",
              "status": "affected",
              "version": "2.2.87",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "wesley"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-11T03:31:07.619Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5f18cae-b7f8-4afd-adfa-c616c63f9419?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/post-grid/trunk/includes/blocks/form-wrap/functions.php#L3032"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3130155/post-grid/tags/2.2.87/includes/blocks/form-wrap/functions.php"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3146752/post-grid/tags/2.2.91/includes/blocks/form-wrap/functions.php"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-10T14:51:09.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-8253",
    "datePublished": "2024-09-11T03:31:07.619Z",
    "dateReserved": "2024-08-28T00:28:05.802Z",
    "dateUpdated": "2024-09-11T18:56:30.780Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-7480 (GCVE-0-2024-7480)

Vulnerability from cvelistv5 – Published: 2024-08-08 16:04 – Updated: 2025-10-01 01:33
VLAI
Title
Improper access control in Avaya Aura System Manager
Summary
An Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system. Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Avaya Aura System Manager Affected: 10.1.x.x
Affected: 10.2.x.x
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7480",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T18:37:59.919717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T18:40:15.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Aura System Manager",
          "vendor": "Avaya",
          "versions": [
            {
              "status": "affected",
              "version": "10.1.x.x"
            },
            {
              "status": "affected",
              "version": "10.2.x.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An\u0026nbsp;Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u0026nbsp;Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
            }
          ],
          "value": "An\u00a0Improper access control vulnerability was found in Avaya Aura System Manager which could allow a command-line interface (CLI) user with administrative privileges to read arbitrary files on the system.\u00a0Affected versions include 10.1.x.x and 10.2.x.x. Versions prior to 10.1 are end of manufacturer support."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-01T01:33:36.494Z",
        "orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
        "shortName": "avaya"
      },
      "references": [
        {
          "url": "https://download.avaya.com/css/public/documents/101091159"
        }
      ],
      "source": {
        "defect": [
          "ZEPHYR-70310"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Improper access control in Avaya Aura System Manager",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
    "assignerShortName": "avaya",
    "cveId": "CVE-2024-7480",
    "datePublished": "2024-08-08T16:04:25.989Z",
    "dateReserved": "2024-08-05T08:33:54.944Z",
    "dateUpdated": "2025-10-01T01:33:36.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6758 (GCVE-0-2024-6758)

Vulnerability from cvelistv5 – Published: 2024-08-12 10:20 – Updated: 2025-08-22 09:00
VLAI
Title
Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E
Summary
Improper Privilege Management in Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Sprecher Automation SPRECON-E Affected: 0 , < < 8.71j (custom)
Create a notification for this product.
Date Public
2024-07-17 07:00
Credits
Sprecher Automation
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6758",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-13T20:19:24.737764Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T20:19:35.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SPRECON-E",
          "vendor": "Sprecher Automation",
          "versions": [
            {
              "lessThan": "\u003c 8.71j",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Sprecher Automation"
        }
      ],
      "datePublic": "2024-07-17T07:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Management\u0026nbsp;in\u0026nbsp;Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
            }
          ],
          "value": "Improper Privilege Management\u00a0in\u00a0Sprecher Automation SPRECON-E below version 8.71j allows a remote attacker with low privileges to save unauthorized protection assignments."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-22T09:00:03.779Z",
        "orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
        "shortName": "CERTVDE"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.sprecher-automation.com/fileadmin/itSecurity/PDF/SPR-2407171_de.pdf"
        }
      ],
      "source": {
        "advisory": "SPR-2407171",
        "defect": [
          "CERT@VDE#641665"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Improper Privilege Management vulnerability in Sprecher Automation SPRECON-E",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
    "assignerShortName": "CERTVDE",
    "cveId": "CVE-2024-6758",
    "datePublished": "2024-08-12T10:20:10.039Z",
    "dateReserved": "2024-07-15T13:31:48.338Z",
    "dateUpdated": "2025-08-22T09:00:03.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6322 (GCVE-0-2024-6322)

Vulnerability from cvelistv5 – Published: 2024-08-20 17:52 – Updated: 2025-11-23 15:33
VLAI
Summary
Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Grafana Grafana Affected: 11.1.0 , < 11.1.1 (semver)
Affected: 11.1.2 , < 11.1.3 (semver)
Create a notification for this product.
Grafana Grafana Enterprise Affected: 11.1.0 , < 11.1.1 (semver)
Affected: 11.1.2 , < 11.1.3 (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6322",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T13:25:17.993382Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T17:04:40.540Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Grafana",
          "vendor": "Grafana",
          "versions": [
            {
              "lessThan": "11.1.1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.1.3",
              "status": "affected",
              "version": "11.1.2",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "Grafana Enterprise",
          "vendor": "Grafana",
          "versions": [
            {
              "lessThan": "11.1.1",
              "status": "affected",
              "version": "11.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "11.1.3",
              "status": "affected",
              "version": "11.1.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Access control for plugin data sources protected by the ReqActions json field of the plugin.json is bypassed if the user or service account is granted associated access to any other data source, as the ReqActions check was not scoped to each specific datasource. The account must have prior query access to the impacted datasource."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-23T15:33:04.210Z",
        "orgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
        "shortName": "GRAFANA"
      },
      "references": [
        {
          "url": "https://grafana.com/security/security-advisories/cve-2024-6322/"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "57da9224-a3e2-4646-9d0e-c4dc2e05e7da",
    "assignerShortName": "GRAFANA",
    "cveId": "CVE-2024-6322",
    "datePublished": "2024-08-20T17:52:06.232Z",
    "dateReserved": "2024-06-25T13:25:06.436Z",
    "dateUpdated": "2025-11-23T15:33:04.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4870 (GCVE-0-2024-4870)

Vulnerability from cvelistv5 – Published: 2024-06-04 02:00 – Updated: 2026-04-08 17:22
VLAI
Title
Frontend Registration – Contact Form 7 <= 5.1 - Authenticated (Editor+) Privilege Escalation
Summary
The Frontend Registration – Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the '_cf7frr_' post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify the default user role in the registration form settings.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Credits
István Márton
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4870",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:26:02.603792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:14.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:55:10.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca616ae6-59d3-4037-b538-d371f007a037?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/browser/frontend-registration-contact-form-7/trunk/frontend-registration-cf7.php?rev=2975770#L244"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Frontend Registration \u2013 Contact Form 7",
          "vendor": "pokornydavid",
          "versions": [
            {
              "lessThanOrEqual": "5.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Istv\u00e1n M\u00e1rton"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Frontend Registration \u2013 Contact Form 7 plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1 due to insufficient restriction on the \u0027_cf7frr_\u0027 post meta. This makes it possible for authenticated attackers, with editor-level access and above, to modify the default user role in the registration form settings."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:22:08.762Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ca616ae6-59d3-4037-b538-d371f007a037?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/frontend-registration-contact-form-7/trunk/frontend-registration-cf7.php?rev=2975770#L244"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-05-14T00:00:00.000Z",
          "value": "Discovered"
        },
        {
          "lang": "en",
          "time": "2024-06-03T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Frontend Registration \u2013 Contact Form 7 \u003c= 5.1 - Authenticated (Editor+) Privilege Escalation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-4870",
    "datePublished": "2024-06-04T02:00:54.640Z",
    "dateReserved": "2024-05-14T13:28:23.376Z",
    "dateUpdated": "2026-04-08T17:22:08.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4555 (GCVE-0-2024-4555)

Vulnerability from cvelistv5 – Published: 2024-08-28 06:27 – Updated: 2025-10-06 13:30
VLAI
Title
User impersonation with MFA when configure in specific way
Summary
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
OpenText NetIQ Access Manager Affected: 5.0.4.1 , < < (server)
Affected: 5.1 , < < (server)
Create a notification for this product.
netiq access_manager Affected: 0 , < 5.0.4.1 (custom)
Affected: 0 , < 5.1 (custom)
    cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "access_manager",
            "vendor": "netiq",
            "versions": [
              {
                "lessThan": "5.0.4.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4555",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-28T13:26:27.557273Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T13:27:19.829Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Linux"
          ],
          "product": "NetIQ Access Manager",
          "vendor": "OpenText",
          "versions": [
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "5.0.4.1",
              "versionType": "server"
            },
            {
              "lessThan": "\u003c",
              "status": "affected",
              "version": "5.1",
              "versionType": "server"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eThis issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1\u003c/span\u003e"
            }
          ],
          "value": "Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario.\u00a0This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-122",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-122 Privilege Abuse"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266: Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-06T13:30:22.423Z",
        "orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
        "shortName": "OpenText"
      },
      "references": [
        {
          "url": "https://www.microfocus.com/documentation/access-manager/5.0/accessmanager504-p1-release-notes/accessmanager504-p1-release-notes.html"
        },
        {
          "url": "https://www.microfocus.com/documentation/access-manager/5.1/accessmanager51-release-notes/accessmanager51-release-notes.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "User impersonation with MFA when configure in specific way",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
    "assignerShortName": "OpenText",
    "cveId": "CVE-2024-4555",
    "datePublished": "2024-08-28T06:27:21.348Z",
    "dateReserved": "2024-05-06T17:46:21.043Z",
    "dateUpdated": "2025-10-06T13:30:22.423Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-3013 (GCVE-0-2024-3013)

Vulnerability from cvelistv5 – Published: 2024-03-28 00:31 – Updated: 2025-10-15 13:18
VLAI
Title
Teledyne FLIR AX8 User Registration test_login.php improper authorization
Summary
A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
URL Tags
https://vuldb.com/?id.258299 vdb-entrytechnical-description
https://vuldb.com/?ctiid.258299 signaturepermissions-required
https://vuldb.com/?submit.301588 third-party-advisory
https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%2… broken-linkexploit
Impacted products
Vendor Product Version
Teledyne FLIR AX8 Affected: 1.46.0
Affected: 1.46.1
Affected: 1.46.2
Affected: 1.46.3
Affected: 1.46.4
Affected: 1.46.5
Affected: 1.46.6
Affected: 1.46.7
Affected: 1.46.8
Affected: 1.46.9
Affected: 1.46.10
Affected: 1.46.11
Affected: 1.46.12
Affected: 1.46.13
Affected: 1.46.14
Affected: 1.46.15
Affected: 1.46.16
Unaffected: 1.49.16
Create a notification for this product.
flir flir_ax8_firmware Affected: 1.46.0
Affected: 1.46.1
Affected: 1.46.10
Affected: 1.46.11
Affected: 1.46.12
Affected: 1.46.13
Affected: 1.46.14
Affected: 1.46.15
Affected: 1.46.16
Affected: 1.46.2
Affected: 1.46.3
Affected: 1.46.4
Affected: 1.46.5
Affected: 1.46.6
Affected: 1.46.7
Affected: 1.46.8
Affected: 1.46.9
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.0:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.1:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.10:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.11:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.12:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.13:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.14:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.15:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.16:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.2:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.3:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.4:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.5:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.6:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.7:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.8:*:*:*:*:*:*:*
    cpe:2.3:o:flir:flir_ax8_firmware:1.46.9:*:*:*:*:*:*:*
Create a notification for this product.
Credits
H0e4a0r1t (VulDB User)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:32:42.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-258299 | FLIR AX8 User Registration improper authorization",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.258299"
          },
          {
            "name": "VDB-258299 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.258299"
          },
          {
            "name": "Submit #301588 | FLIR FLIR-AX8 Fixed Thermal Cameras 1.46.16 and below Register any user in the background",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.301588"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.0:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.1:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.10:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.11:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.12:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.13:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.14:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.15:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.16:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.2:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.3:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.4:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.5:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.6:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.7:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.8:*:*:*:*:*:*:*",
              "cpe:2.3:o:flir:flir_ax8_firmware:1.46.9:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "flir_ax8_firmware",
            "vendor": "flir",
            "versions": [
              {
                "status": "affected",
                "version": "1.46.0"
              },
              {
                "status": "affected",
                "version": "1.46.1"
              },
              {
                "status": "affected",
                "version": "1.46.10"
              },
              {
                "status": "affected",
                "version": "1.46.11"
              },
              {
                "status": "affected",
                "version": "1.46.12"
              },
              {
                "status": "affected",
                "version": "1.46.13"
              },
              {
                "status": "affected",
                "version": "1.46.14"
              },
              {
                "status": "affected",
                "version": "1.46.15"
              },
              {
                "status": "affected",
                "version": "1.46.16"
              },
              {
                "status": "affected",
                "version": "1.46.2"
              },
              {
                "status": "affected",
                "version": "1.46.3"
              },
              {
                "status": "affected",
                "version": "1.46.4"
              },
              {
                "status": "affected",
                "version": "1.46.5"
              },
              {
                "status": "affected",
                "version": "1.46.6"
              },
              {
                "status": "affected",
                "version": "1.46.7"
              },
              {
                "status": "affected",
                "version": "1.46.8"
              },
              {
                "status": "affected",
                "version": "1.46.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3013",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-28T18:31:24.496579Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T13:33:55.786Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "User Registration"
          ],
          "product": "AX8",
          "vendor": "Teledyne FLIR",
          "versions": [
            {
              "status": "affected",
              "version": "1.46.0"
            },
            {
              "status": "affected",
              "version": "1.46.1"
            },
            {
              "status": "affected",
              "version": "1.46.2"
            },
            {
              "status": "affected",
              "version": "1.46.3"
            },
            {
              "status": "affected",
              "version": "1.46.4"
            },
            {
              "status": "affected",
              "version": "1.46.5"
            },
            {
              "status": "affected",
              "version": "1.46.6"
            },
            {
              "status": "affected",
              "version": "1.46.7"
            },
            {
              "status": "affected",
              "version": "1.46.8"
            },
            {
              "status": "affected",
              "version": "1.46.9"
            },
            {
              "status": "affected",
              "version": "1.46.10"
            },
            {
              "status": "affected",
              "version": "1.46.11"
            },
            {
              "status": "affected",
              "version": "1.46.12"
            },
            {
              "status": "affected",
              "version": "1.46.13"
            },
            {
              "status": "affected",
              "version": "1.46.14"
            },
            {
              "status": "affected",
              "version": "1.46.15"
            },
            {
              "status": "affected",
              "version": "1.46.16"
            },
            {
              "status": "unaffected",
              "version": "1.49.16"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "H0e4a0r1t (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw has been found in Teledyne FLIR AX8 up to 1.46.16. The impacted element is an unknown function of the file /tools/test_login.php?action=register of the component User Registration. Executing manipulation can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. Upgrading to version 1.49.16 is sufficient to resolve this issue. Upgrading the affected component is recommended. The vendor points out: \"FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.\""
        },
        {
          "lang": "de",
          "value": "In Teledyne FLIR AX8 up to 1.46.16 ist eine Schwachstelle entdeckt worden. Betroffen davon ist eine unbekannte Funktion der Datei /tools/test_login.php?action=register der Komponente User Registration. Die Bearbeitung verursacht improper authorization. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden. Mit einem Upgrade auf Version 1.49.16 l\u00e4sst sich dieses Problem beheben. Die Aktualisierung der betroffenen Komponente wird empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T13:18:50.593Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-258299 | Teledyne FLIR AX8 User Registration test_login.php improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.258299"
        },
        {
          "name": "VDB-258299 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.258299"
        },
        {
          "name": "Submit #301588 | FLIR FLIR-AX8 Fixed Thermal Cameras 1.46.16 and below Register any user in the background",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.301588"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://h0e4a0r1t.github.io/2024/vulns/FLIR-AX8%20Fixed%20Thermal%20Cameras%20Register%20any%20user%20in%20the%20background--test_login.php.pdf"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-03-27T00:00:00.000Z",
          "value": "CVE reserved"
        },
        {
          "lang": "en",
          "time": "2024-03-27T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-15T15:23:29.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Teledyne FLIR AX8 User Registration test_login.php improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-3013",
    "datePublished": "2024-03-28T00:31:04.101Z",
    "dateReserved": "2024-03-27T14:18:45.366Z",
    "dateUpdated": "2025-10-15T13:18:50.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-2409 (GCVE-0-2024-2409)

Vulnerability from cvelistv5 – Published: 2024-03-29 08:31 – Updated: 2026-04-08 17:09
VLAI
Title
MasterStudy LMS <= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action
Summary
The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
Impacted products
Vendor Product Version
stylemix MasterStudy LMS WordPress Plugin – for Online Courses and Education Affected: 0 , ≤ 3.3.1 (semver)
Create a notification for this product.
stylemixthemes masterstudy_lms Affected: 0 , < 3.3.2 (semver)
    cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:*:*:*
Create a notification for this product.
Credits
Hiroho Shimada
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T19:11:53.476Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "masterstudy_lms",
            "vendor": "stylemixthemes",
            "versions": [
              {
                "lessThan": "3.3.2",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-2409",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-08T18:33:47.419360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T18:34:51.364Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MasterStudy LMS WordPress Plugin \u2013 for Online Courses and Education",
          "vendor": "stylemix",
          "versions": [
            {
              "lessThanOrEqual": "3.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hiroho Shimada"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the \u0027wp_ajax_nopriv_stm_lms_register\u0027 AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:09:52.197Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/94736152-b365-4b3a-a786-ed49f7d0fc7a?source=cve"
        },
        {
          "url": "https://docs.stylemixthemes.com/masterstudy-lms/changelog-free-version#id-3.3.2"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset/3059676/masterstudy-lms-learning-management-system"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-03-13T00:00:00.000Z",
          "value": "Vendor Notified"
        },
        {
          "lang": "en",
          "time": "2024-03-28T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "MasterStudy LMS \u003c= 3.3.1 - Unauthenticated Privilege Escalation via stm_lms_register AJAX Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2024-2409",
    "datePublished": "2024-03-29T08:31:29.816Z",
    "dateReserved": "2024-03-12T21:35:10.961Z",
    "dateUpdated": "2026-04-08T17:09:52.197Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-0085 (GCVE-0-2024-0085)

Vulnerability from cvelistv5 – Published: 2024-06-13 21:23 – Updated: 2024-08-19 17:00
VLAI
Title
CVE
Summary
NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
nvidia vGPU software and Cloud Gaming Affected: All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release
Create a notification for this product.
nvidia virtual_gpu Affected: 0 , < 13.11 (custom)
Affected: 14.0 , < 16.6 (custom)
Affected: 17.0 , < 17.2 (custom)
    cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*
Create a notification for this product.
nvidia cloud_gaming_virtual_gpu Affected: 0 , < 555.52.04 (custom)
    cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T17:41:15.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nvidia:virtual_gpu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "virtual_gpu",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThan": "13.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "16.6",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "17.2",
                "status": "affected",
                "version": "17.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:nvidia:cloud_gaming_virtual_gpu:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "cloud_gaming_virtual_gpu",
            "vendor": "nvidia",
            "versions": [
              {
                "lessThan": "555.52.04",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-0085",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-19T16:56:23.736265Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-19T17:00:44.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vGPU software and Cloud Gaming",
          "vendor": "nvidia",
          "versions": [
            {
              "status": "affected",
              "version": "All versions up to and including 17.1, 16.5, 13.10, and the April 2024 release"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": true,
              "type": "text/html",
              "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service."
            }
          ],
          "value": "NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Data tampering, escalation of privileges, denial of service"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-13T21:23:31.505Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5551"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2024-0085",
    "datePublished": "2024-06-13T21:23:31.505Z",
    "dateReserved": "2023-12-02T00:41:56.027Z",
    "dateUpdated": "2024-08-19T17:00:44.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.