VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Improper Privilege Management
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2025-05-13
CVE-2025-27468
Improper Privilege Management vulnerability in Microsoft products
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
local
high complexity
microsoft
CWE-269
7.0
7.0
2025-05-13
CVE-2025-29976
Improper Privilege Management vulnerability in Microsoft products
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
local
low complexity
microsoft
CWE-269
7.8
7.8
2025-05-07
CVE-2025-3852
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0.
network
low complexity
CWE-269
8.8
8.8
2025-05-07
CVE-2025-4335
The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1.
network
low complexity
CWE-269
8.8
8.8
2025-05-02
CVE-2025-3438
Improper Privilege Management vulnerability in Inspireui Mstore API
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4.
network
low complexity
inspireui
CWE-269
7.3
7.3
2025-04-25
CVE-2025-2238
The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30.
network
low complexity
CWE-269
8.8
8.8
2025-04-24
CVE-2025-3101
The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7.
network
low complexity
CWE-269
8.8
8.8
2025-04-24
CVE-2025-3761
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16.
network
low complexity
CWE-269
8.8
8.8
2025-04-22
CVE-2025-1732
An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
local
low complexity
CWE-269
6.7
6.7
2025-04-19
CVE-2025-3278
The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4.
network
low complexity
CWE-269
critical
9.8
9.8
«
1
(current)
2
3
4
5
...
111
112
»
Next