CWE-269
DiscouragedImproper Privilege Management
Abstraction: Class · Status: Draft
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
5447 vulnerabilities reference this CWE, most recent first.
CVE-2026-3629 (GCVE-0-2026-3629)
Vulnerability from cvelistv5 – Published: 2026-03-21 22:24 – Updated: 2026-04-08 16:50- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| carazo | Import and export users and customers |
Affected:
0 , ≤ 1.29.7
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-23T16:13:14.147293Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T16:13:28.413Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Import and export users and customers",
"vendor": "carazo",
"versions": [
{
"lessThanOrEqual": "1.29.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Supanat Konprom"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the \u0027save_extra_user_profile_fields\u0027 function not properly restricting which user meta keys can be updated via profile fields. The \u0027get_restricted_fields\u0027 method does not include sensitive meta keys such as \u0027wp_capabilities\u0027. This makes it possible for unauthenticated attackers to escalate their privileges to Administrator by submitting a crafted registration request that sets the \u0027wp_capabilities\u0027 meta key. The vulnerability can only be exploited if the \"Show fields in profile\" setting is enabled and a CSV with a wp_capabilities column header has been previously imported."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:50:18.319Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/48dd9098-38e6-49da-8d22-27e12fddef51?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/1.29.7/classes/columns.php#L193"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/1.29.7/classes/columns.php#L217"
},
{
"url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/1.29.7/classes/helper.php#L146"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3483330/import-users-from-csv-with-meta#file37"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-13T23:17:27.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-21T10:03:40.000Z",
"value": "Disclosed"
}
],
"title": "Import and export users and customers \u003c= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-3629",
"datePublished": "2026-03-21T22:24:17.648Z",
"dateReserved": "2026-03-06T05:47:33.801Z",
"dateUpdated": "2026-04-08T16:50:18.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3621 (GCVE-0-2026-3621)
Vulnerability from cvelistv5 – Published: 2026-04-22 23:07 – Updated: 2026-04-24 03:55- CWE-269 - Improper Privilege Management
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/7270437 | vendor-advisorypatch |
| Vendor | Product | Version | |
|---|---|---|---|
| IBM | WebSphere Application Server - Liberty |
Affected:
17.0.0.3 , ≤ 26.0.0.4
(semver)
cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:* cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.4:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3621",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-24T03:55:15.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:websphere_application_server___liberty:17.0.0.3:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:websphere_application_server___liberty:26.0.0.4:*:*:*:*:*:*:*"
],
"product": "WebSphere Application Server - Liberty",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "26.0.0.4",
"status": "affected",
"version": "17.0.0.3",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured.\u003c/p\u003e"
}
],
"value": "IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.4 IBM WebSphere Application Server Liberty is vulnerable to identity spoofing under limited conditions when an application is deployed without authentication and authorization configured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T23:07:31.595Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7270437"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70352. IBM WebSphere Application Server Liberty is affected by identity spoofing only when the appSecurity feature (appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0) is\u00a0\u003cstrong\u003enot enabled\u003c/strong\u003e on the server. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to \u003ca href=\"https://www.ibm.com/support/pages/node/6553910\" rel=\"nofollow\"\u003eHow to determine if Liberty is using a specific feature\u003c/a\u003e.\u00a0\u003cbr/\u003e\u003cbr/\u003e\u003cstrong\u003eFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.4:\u003c/strong\u003e\u003cbr/\u003e\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves \u003ca href=\"https://www.ibm.com/support/pages/node/7270436\" rel=\"nofollow\"\u003ePH70352\u003c/a\u003e\u003cbr/\u003e--OR--\u003cbr/\u003e\u00b7 Apply Liberty Fix Pack 26.0.0.5 or later (targeted availability 2Q2026).\u00a0\u003cbr/\u003e\u003cbr/\u003eAdditional interim fixes may be available and linked off the interim fix download page.\u003c/p\u003e"
}
],
"value": "IBM strongly recommends addressing the vulnerability now by applying a currently available interim fix or fix pack that contains the fix for APAR PH70352. IBM WebSphere Application Server Liberty is affected by identity spoofing only when the appSecurity feature (appSecurity-1.0, appSecurity-2.0, appSecurity-3.0, appSecurity-4.0, or appSecurity-5.0) is\u00a0not enabled on the server. To determine if a feature is enabled for IBM WebSphere Application Server Liberty, refer to How to determine if Liberty is using a specific feature https://www.ibm.com/support/pages/node/6553910 .\u00a0\n\nFor IBM WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.4:\n\u00b7 Upgrade to minimal fix pack levels as required by the interim fix and then apply the Interim Fix that resolves PH70352 https://www.ibm.com/support/pages/node/7270436 \n--OR--\n\u00b7 Apply Liberty Fix Pack 26.0.0.5 or later (targeted availability 2Q2026).\u00a0\n\nAdditional interim fixes may be available and linked off the interim fix download page."
}
],
"title": "IBM WebSphere Application Server Liberty is affected by identity spoofing",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2026-3621",
"datePublished": "2026-04-22T23:07:31.595Z",
"dateReserved": "2026-03-05T21:53:23.170Z",
"dateUpdated": "2026-04-24T03:55:15.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2931 (GCVE-0-2026-2931)
Vulnerability from cvelistv5 – Published: 2026-03-26 03:37 – Updated: 2026-04-08 17:11- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| ameliabooking | Booking for Appointments and Events Calendar – Amelia |
Affected:
0 , ≤ 9.1.2
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-26T17:36:06.825143Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T17:51:16.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Booking for Appointments and Events Calendar \u2013 Amelia",
"vendor": "ameliabooking",
"versions": [
{
"lessThanOrEqual": "9.1.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Hunter Jensen"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with customer-level permissions or above to change user passwords and potentially take over administrator accounts. The vulnerability is in the pro plugin, which has the same slug."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:11:38.336Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9dbaafbb-ab7b-41d8-a8f7-178b9d42b4c5?source=cve"
},
{
"url": "https://codecanyon.net/item/amelia-enterpriselevel-appointment-booking-wordpress-plugin/22067497"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1/src/Application/Controller/User/Customer/UpdateCustomerController.php#L30"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ameliabooking/tags/2.1/src/Application/Commands/User/Customer/UpdateCustomerCommandHandler.php#L173"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-21T06:38:12.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-03-25T15:31:53.000Z",
"value": "Disclosed"
}
],
"title": "Amelia Booking \u003c= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2931",
"datePublished": "2026-03-26T03:37:28.098Z",
"dateReserved": "2026-02-21T06:09:02.642Z",
"dateUpdated": "2026-04-08T17:11:38.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2640 (GCVE-0-2026-2640)
Vulnerability from cvelistv5 – Published: 2026-03-11 20:23 – Updated: 2026-03-12 16:18- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | PC Manager |
Affected:
0 , < 5.1.160.12302
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2640",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:35:45.292693Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:18:19.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PC Manager",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "5.1.160.12302",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:pc_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.160.12302",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks Victor Soler Renaud of Devoteam Purple Team for subsequently reporting this vulnerability."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eDuring an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:23:12.942Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://iknow.lenovo.com.cn/detail/438816"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eUpdate Lenovo PC Manager Version to version 5.1.160.12302 or later.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Update Lenovo PC Manager Version to version 5.1.160.12302 or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.0-beta"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2026-2640",
"datePublished": "2026-03-11T20:23:12.942Z",
"dateReserved": "2026-02-17T19:58:39.340Z",
"dateUpdated": "2026-03-12T16:18:19.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2563 (GCVE-0-2026-2563)
Vulnerability from cvelistv5 – Published: 2026-02-16 15:32 – Updated: 2026-02-23 10:12| URL | Tags |
|---|---|
| https://vuldb.com/?id.346170 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346170 | signaturepermissions-required |
| https://vuldb.com/?submit.750987 | third-party-advisory |
| https://vuldb.com/?submit.750992 | third-party-advisory |
| https://my.feishu.cn/wiki/T3pjwxZtYiU4Gfkl6iUc3CzVnRe | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2563",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:56:47.791492Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:56:54.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcapp_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:12:19.399Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346170 | JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346170"
},
{
"name": "VDB-346170 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346170"
},
{
"name": "Submit #750987 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750987"
},
{
"name": "Submit #750992 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750992"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/T3pjwxZtYiU4Gfkl6iUc3CzVnRe"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-20T10:46:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcapp_rpc controlDevice get_status privileges management"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2563",
"datePublished": "2026-02-16T15:32:45.758Z",
"dateReserved": "2026-02-15T19:17:13.144Z",
"dateUpdated": "2026-02-23T10:12:19.399Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2562 (GCVE-0-2026-2562)
Vulnerability from cvelistv5 – Published: 2026-02-16 15:02 – Updated: 2026-02-23 10:11| URL | Tags |
|---|---|
| https://vuldb.com/?id.346169 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346169 | signaturepermissions-required |
| https://vuldb.com/?submit.750986 | third-party-advisory |
| https://my.feishu.cn/wiki/Umb6w4PasizunKkagYschZP1nff | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2562",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T17:20:40.302738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T17:21:03.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcweb_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:11:59.788Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346169 | JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346169"
},
{
"name": "VDB-346169 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346169"
},
{
"name": "Submit #750986 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750986"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/Umb6w4PasizunKkagYschZP1nff"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-20T10:46:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi cast_streen privileges management"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2562",
"datePublished": "2026-02-16T15:02:49.628Z",
"dateReserved": "2026-02-15T19:17:10.095Z",
"dateUpdated": "2026-02-23T10:11:59.788Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2561 (GCVE-0-2026-2561)
Vulnerability from cvelistv5 – Published: 2026-02-16 14:32 – Updated: 2026-02-23 10:11| URL | Tags |
|---|---|
| https://vuldb.com/?id.346168 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.346168 | signaturepermissions-required |
| https://vuldb.com/?submit.750977 | third-party-advisory |
| https://my.feishu.cn/wiki/URLywnBj2i2dpBk3dcQcWqFZnSK | exploit |
| Vendor | Product | Version | |
|---|---|---|---|
| JingDong | JD Cloud Box AX6600 |
Affected:
4.5.1.r4533
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T17:21:23.224354Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T17:21:38.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"jdcweb_rpc"
],
"product": "JD Cloud Box AX6600",
"vendor": "JingDong",
"versions": [
{
"status": "affected",
"version": "4.5.1.r4533"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "ShiyuFan_BinYuan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-23T10:11:39.162Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-346168 | JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.346168"
},
{
"name": "VDB-346168 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.346168"
},
{
"name": "Submit #750977 | JingDong Cloud NAS Router AX6600 (4.5.1.r4533 and earlier) Remote Command Execution",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.750977"
},
{
"tags": [
"exploit"
],
"url": "https://my.feishu.cn/wiki/URLywnBj2i2dpBk3dcQcWqFZnSK"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-02-20T10:46:00.000Z",
"value": "VulDB entry last update"
}
],
"title": "JingDong JD Cloud Box AX6600 jdcweb_rpc jdcapi web_get_ddns_uptime privileges management"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-2561",
"datePublished": "2026-02-16T14:32:53.736Z",
"dateReserved": "2026-02-15T19:17:05.881Z",
"dateUpdated": "2026-02-23T10:11:39.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2375 (GCVE-0-2026-2375)
Vulnerability from cvelistv5 – Published: 2026-03-21 03:26 – Updated: 2026-04-08 16:34- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| appcheap | App Builder – Create Native Android & iOS Apps On The Flight |
Affected:
0 , ≤ 5.5.10
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2375",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T13:44:12.214006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:44:38.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight",
"vendor": "appcheap",
"versions": [
{
"lessThanOrEqual": "5.5.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Gibran Abdillah"
}
],
"descriptions": [
{
"lang": "en",
"value": "The App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 5.5.10. This is due to the `verify_role()` function in `AuthTrails.php` explicitly whitelisting the `wcfm_vendor` role alongside `subscriber` and `customer`, and assigning it directly via `wp_insert_user()` without integrating with WCFM Marketplace\u0027s vendor approval workflow. This makes it possible for unauthenticated attackers to register an account with the `wcfm_vendor` role by supplying the `role` parameter in the `/wp-json/app-builder/v1/register` REST API endpoint, bypassing the standard WCFM vendor approval process and immediately gaining vendor-level privileges (product management, order access, store management) on sites where WCFM Marketplace is active."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:34:38.336Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a4521af-692a-4a84-ba9b-1904a42786c1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.5.10/includes/Di/Service/Auth/AuthTrails.php#L80"
},
{
"url": "https://plugins.trac.wordpress.org/browser/app-builder/tags/5.5.10/includes/Di/Service/Auth/RegisterAuth.php#L108"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-20T15:06:29.000Z",
"value": "Disclosed"
}
],
"title": "App Builder \u2013 Create Native Android \u0026 iOS Apps On The Flight \u003c= 5.5.10 - Unauthenticated Privilege Escalation via \u0027role\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2375",
"datePublished": "2026-03-21T03:26:32.352Z",
"dateReserved": "2026-02-11T20:55:16.297Z",
"dateUpdated": "2026-04-08T16:34:38.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2144 (GCVE-0-2026-2144)
Vulnerability from cvelistv5 – Published: 2026-02-14 04:35 – Updated: 2026-04-08 16:57- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| katsushi-kawamori | Magic Login Mail or QR Code |
Affected:
0 , ≤ 2.05
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2144",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T20:38:12.495994Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T20:38:42.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Magic Login Mail or QR Code",
"vendor": "katsushi-kawamori",
"versions": [
{
"lessThanOrEqual": "2.05",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ifoundbug"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_Code.png) in the publicly accessible WordPress uploads directory during the email sending process. The file is only deleted after wp_mail() completes, creating an exploitable race condition window. This makes it possible for unauthenticated attackers to trigger a login link request for any user, including administrators, and then exploit the race condition between QR code file creation and deletion to obtain the login URL encoded in the QR code, thereby gaining unauthorized access to the targeted user\u0027s account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:57:42.720Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/65066a17-653b-4444-9bd0-894ea8c1acb1?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/magic-login-mail/trunk/lib/class-magicloginmail.php#L325"
},
{
"url": "https://plugins.trac.wordpress.org/browser/magic-login-mail/trunk/lib/class-magicloginmail.php#L250"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3460417/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-13T16:21:07.000Z",
"value": "Disclosed"
}
],
"title": "Magic Login Mail or QR Code \u003c= 2.05 - Unauthenticated Privilege Escalation via Insecure QR Code File Storage"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-2144",
"datePublished": "2026-02-14T04:35:40.772Z",
"dateReserved": "2026-02-07T00:47:48.353Z",
"dateUpdated": "2026-04-08T16:57:42.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1994 (GCVE-0-2026-1994)
Vulnerability from cvelistv5 – Published: 2026-02-19 06:49 – Updated: 2026-04-08 16:59- CWE-269 - Improper Privilege Management
| Vendor | Product | Version | |
|---|---|---|---|
| clavaque | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions |
Affected:
0 , ≤ 260127
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-19T21:20:12.391999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T21:20:40.661Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "s2Member \u2013 Excellent for All Kinds of Memberships, Content Restriction Paywalls \u0026 Member Access Subscriptions",
"vendor": "clavaque",
"versions": [
{
"lessThanOrEqual": "260127",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Alyudin Nafiie"
}
],
"descriptions": [
{
"lang": "en",
"value": "The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user\u0027s identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user\u0027s passwords, including administrators, and leverage that to gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:59:09.633Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6c31cf92-26b7-484d-8c93-ce241d655d07?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/s2member/tags/260127/src/includes/classes/registrations.inc.php#L74"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3461625/s2member#file5"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-02-18T18:11:15.000Z",
"value": "Disclosed"
}
],
"title": "s2Member \u003c= 260127 - Unauthenticated Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-1994",
"datePublished": "2026-02-19T06:49:43.503Z",
"dateReserved": "2026-02-05T16:34:36.592Z",
"dateUpdated": "2026-04-08T16:59:09.633Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-48
Strategy: Separation of Privilege
Follow the principle of least privilege when assigning access rights to entities in a software system.
Mitigation MIT-49
Strategy: Separation of Privilege
Consider following the principle of separation of privilege. Require multiple conditions to be met before permitting access to a system resource.
CAPEC-122: Privilege Abuse
An adversary is able to exploit features of the target that should be reserved for privileged users or administrators but are exposed to use by lower or non-privileged accounts. Access to sensitive information and functionality must be controlled to ensure that only authorized users are able to access these resources.
CAPEC-233: Privilege Escalation
An adversary exploits a weakness enabling them to elevate their privilege and perform an action that they are not supposed to be authorized to perform.
CAPEC-58: Restful Privilege Elevation
An adversary identifies a Rest HTTP (Get, Put, Delete) style permission method allowing them to perform various malicious actions upon server data due to lack of access control mechanisms implemented within the application service accepting HTTP messages.