CWE-266
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CVE-2024-52442 (GCVE-0-2024-52442)
Vulnerability from cvelistv5 – Published: 2024-11-20 11:56 – Updated: 2026-05-11 22:15
VLAI
Title
WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through <= 2.0.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Date Public
2026-04-01 16:29
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:userplus:userplus:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "userplus",
"vendor": "userplus",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52442",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T14:59:49.059650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:15:02.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "userplus",
"product": "UserPlus",
"vendor": "userplus",
"versions": [
{
"lessThanOrEqual": "2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jo\u00e3o Pedro S Alc\u00e2ntara (Kinorth) | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:29:54.463Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.\u003cp\u003eThis issue affects UserPlus: from n/a through \u003c= 2.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through \u003c= 2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:42.200Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/userplus/vulnerability/wordpress-userplus-plugin-2-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress UserPlus plugin \u003c= 2.0 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-52442",
"datePublished": "2024-11-20T11:56:18.331Z",
"dateReserved": "2024-11-11T06:39:48.584Z",
"dateUpdated": "2026-05-11T22:15:02.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54229 (GCVE-0-2024-54229)
Vulnerability from cvelistv5 – Published: 2024-12-16 15:18 – Updated: 2026-05-11 22:26
VLAI
Title
WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| straightvisions GmbH | SV100 Companion |
Affected:
0 , ≤ 2.0.02
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54229",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:25:17.844337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T22:26:19.132Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "sv100-companion",
"product": "SV100 Companion",
"vendor": "straightvisions GmbH",
"versions": [
{
"lessThanOrEqual": "2.0.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:20.822Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.\u003cp\u003eThis issue affects SV100 Companion: from n/a through \u003c= 2.0.02.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through \u003c= 2.0.02."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:47.796Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/sv100-companion/vulnerability/wordpress-sv100-companion-plugin-2-0-02-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress SV100 Companion plugin \u003c= 2.0.02 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54229",
"datePublished": "2024-12-16T15:18:05.719Z",
"dateReserved": "2024-12-02T12:03:19.712Z",
"dateUpdated": "2026-05-11T22:26:19.132Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54293 (GCVE-0-2024-54293)
Vulnerability from cvelistv5 – Published: 2024-12-13 14:25 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress CE21 Suite plugin <= 2.2.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| CE21 | CE21 Suite |
Affected:
0 , ≤ 2.2.0
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54293",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-13T17:41:59.085284Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-13T17:42:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "ce21-suite",
"product": "CE21 Suite",
"vendor": "CE21",
"versions": [
{
"changes": [
{
"at": "2.2.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "2.2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "stealthcopter | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:26.489Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.\u003cp\u003eThis issue affects CE21 Suite: from n/a through \u003c= 2.2.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through \u003c= 2.2.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:49.278Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/ce21-suite/vulnerability/wordpress-ce21-suite-plugin-2-2-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress CE21 Suite plugin \u003c= 2.2.0 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54293",
"datePublished": "2024-12-13T14:25:07.264Z",
"dateReserved": "2024-12-02T12:04:21.185Z",
"dateUpdated": "2026-04-28T16:10:49.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54363 (GCVE-0-2024-54363)
Vulnerability from cvelistv5 – Published: 2024-12-16 14:31 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress Wp NssUser Register plugin <= 1.0.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| saiful.total | Wp NssUser Register |
Affected:
0 , ≤ 1.0.0
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54363",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T15:57:03.407153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:36:20.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wp-nssuser-register",
"product": "Wp NssUser Register",
"vendor": "saiful.total",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "ghsinfosec | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:34.647Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.\u003cp\u003eThis issue affects Wp NssUser Register: from n/a through \u003c= 1.0.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through \u003c= 1.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:50.872Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wp-nssuser-register/vulnerability/wordpress-wp-nssuser-register-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress Wp NssUser Register plugin \u003c= 1.0.0 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54363",
"datePublished": "2024-12-16T14:31:35.591Z",
"dateReserved": "2024-12-02T12:05:27.400Z",
"dateUpdated": "2026-04-28T16:10:50.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54365 (GCVE-0-2024-54365)
Vulnerability from cvelistv5 – Published: 2024-12-16 14:31 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress KH Easy User Settings plugin <= 1.0.0 - Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0.
Severity
8.8 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Knowhalim | KH Easy User Settings |
Affected:
0 , ≤ 1.0.0
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54365",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:33:28.152889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-16T16:36:27.673Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "kh-easy-user-settings",
"product": "KH Easy User Settings",
"vendor": "Knowhalim",
"versions": [
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mika | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:35.860Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.\u003cp\u003eThis issue affects KH Easy User Settings: from n/a through \u003c= 1.0.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through \u003c= 1.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:50.813Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/kh-easy-user-settings/vulnerability/wordpress-kh-easy-user-settings-plugin-1-0-0-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress KH Easy User Settings plugin \u003c= 1.0.0 - Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54365",
"datePublished": "2024-12-16T14:31:34.421Z",
"dateReserved": "2024-12-02T12:05:34.988Z",
"dateUpdated": "2026-04-28T16:10:50.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-54383 (GCVE-0-2024-54383)
Vulnerability from cvelistv5 – Published: 2024-12-18 18:48 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability
Summary
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9.9.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| wpweb | WooCommerce PDF Vouchers |
Affected:
0 , ≤ 4.9.9
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54383",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-18T19:06:49.903633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-18T19:16:35.299Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "woocommerce-pdf-vouchers",
"product": "WooCommerce PDF Vouchers",
"vendor": "wpweb",
"versions": [
{
"changes": [
{
"at": "4.9.9",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.9.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bonds | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:36.830Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.\u003cp\u003eThis issue affects WooCommerce PDF Vouchers: from n/a through \u003c 4.9.9.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through \u003c 4.9.9."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:51.656Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/woocommerce-pdf-vouchers/vulnerability/wordpress-woocommerce-pdf-vouchers-plugin-4-9-9-broken-authentication-vulnerability?_s_id=cve"
}
],
"title": "WordPress WooCommerce - PDF Vouchers plugin \u003c 4.9.9 - Broken Authentication vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-54383",
"datePublished": "2024-12-18T18:48:52.656Z",
"dateReserved": "2024-12-02T12:05:43.083Z",
"dateUpdated": "2026-04-28T16:10:51.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-55542 (GCVE-0-2024-55542)
Vulnerability from cvelistv5 – Published: 2025-01-02 15:26 – Updated: 2026-02-26 19:09
VLAI
Summary
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895.
Severity
4.4 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://security-advisory.acronis.com/advisories/… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Acronis | Acronis Cyber Protect 16 |
Affected:
unspecified , < 39169
(semver)
|
|
| Acronis | Acronis Cyber Protect Cloud Agent |
Affected:
unspecified , < 35895
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-55542",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T03:55:29.381641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T19:09:34.461Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect 16",
"vendor": "Acronis",
"versions": [
{
"lessThan": "39169",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "Acronis Cyber Protect Cloud Agent",
"vendor": "Acronis",
"versions": [
{
"lessThan": "35895",
"status": "affected",
"version": "unspecified",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T15:26:40.928Z",
"orgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"shortName": "Acronis"
},
"references": [
{
"name": "SEC-5342",
"tags": [
"vendor-advisory"
],
"url": "https://security-advisory.acronis.com/advisories/SEC-5342"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "73dc0fef-1c66-4a72-9d2d-0a0f4012c175",
"assignerShortName": "Acronis",
"cveId": "CVE-2024-55542",
"datePublished": "2025-01-02T15:26:40.928Z",
"dateReserved": "2024-12-06T17:33:33.992Z",
"dateUpdated": "2026-02-26T19:09:34.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56000 (GCVE-0-2024-56000)
Vulnerability from cvelistv5 – Published: 2025-02-18 19:54 – Updated: 2026-04-29 09:51
VLAI
Title
WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability
Summary
Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through < 5.4.0.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SeventhQueen | K Elements |
Affected:
0 , ≤ 5.4.0
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56000",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T20:25:10.987842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T20:27:23.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "k-elements",
"product": "K Elements",
"vendor": "SeventhQueen",
"versions": [
{
"changes": [
{
"at": "5.4.0",
"status": "unaffected"
}
],
"lessThanOrEqual": "5.4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:52.564Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.\u003cp\u003eThis issue affects K Elements: from n/a through \u003c 5.4.0.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation.This issue affects K Elements: from n/a through \u003c 5.4.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T09:51:53.582Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/k-elements/vulnerability/wordpress-k-elements-plugin-5-2-0-unauthenticated-account-takeover-vulnerability?_s_id=cve"
}
],
"title": "WordPress K Elements plugin \u003c 5.4.0 - Unauthenticated Account Takeover vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56000",
"datePublished": "2025-02-18T19:54:27.556Z",
"dateReserved": "2024-12-14T19:42:01.726Z",
"dateUpdated": "2026-04-29T09:51:53.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56040 (GCVE-0-2024-56040)
Vulnerability from cvelistv5 – Published: 2024-12-31 13:15 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress VibeBP plugin <= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VibeThemes | VibeBP |
Affected:
0 , ≤ 1.9.9.4.1
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56040",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T15:05:47.424926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T15:05:55.231Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "vibebp",
"product": "VibeBP",
"vendor": "VibeThemes",
"versions": [
{
"changes": [
{
"at": "1.9.9.5",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.9.4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:58.749Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.\u003cp\u003eThis issue affects VibeBP: from n/a through \u003c= 1.9.9.4.1.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through \u003c= 1.9.9.4.1."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:54.475Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/vibebp/vulnerability/wordpress-vibebp-plugin-1-9-9-4-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress VibeBP plugin \u003c= 1.9.9.4.1 - Unauthenticated Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56040",
"datePublished": "2024-12-31T13:15:11.807Z",
"dateReserved": "2024-12-14T19:42:50.708Z",
"dateUpdated": "2026-04-28T16:10:54.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-56043 (GCVE-0-2024-56043)
Vulnerability from cvelistv5 – Published: 2024-12-31 13:15 – Updated: 2026-04-28 16:10
VLAI
Title
WordPress WPLMS plugin <= 1.9.9 - Unauthenticated Privilege Escalation vulnerability
Summary
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.
Severity
9.8 (Critical)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VibeThemes | WPLMS |
Affected:
0 , ≤ 1.9.9
(custom)
|
Date Public
2026-04-01 16:30
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T15:28:16.611493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T15:28:24.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "wplms_plugin",
"product": "WPLMS",
"vendor": "VibeThemes",
"versions": [
{
"changes": [
{
"at": "1.9.9.1",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.9.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Rafie Muhammad | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:30:58.492Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.\u003cp\u003eThis issue affects WPLMS: from n/a through \u003c= 1.9.9.\u003c/p\u003e"
}
],
"value": "Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through \u003c= 1.9.9."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:10:54.376Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/wplms_plugin/vulnerability/wordpress-wplms-plugin-1-9-9-unauthenticated-privilege-escalation-vulnerability?_s_id=cve"
}
],
"title": "WordPress WPLMS plugin \u003c= 1.9.9 - Unauthenticated Privilege Escalation vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2024-56043",
"datePublished": "2024-12-31T13:15:59.569Z",
"dateReserved": "2024-12-14T19:42:58.218Z",
"dateUpdated": "2026-04-28T16:10:54.376Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation ID: MIT-1
Phases: Architecture and Design, Operation
Description:
- Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation ID: MIT-17
Phases: Architecture and Design, Operation
Strategy: Environment Hardening
Description:
- Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.