Vulnerabilities > Improper Privilege Management

DATE CVE VULNERABILITY TITLE RISK
2025-05-13 CVE-2025-27468 Improper Privilege Management vulnerability in Microsoft products
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
local
high complexity
microsoft CWE-269
7.0
2025-05-13 CVE-2025-29976 Improper Privilege Management vulnerability in Microsoft products
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
local
low complexity
microsoft CWE-269
7.8
2025-05-07 CVE-2025-3852 The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0.
network
low complexity
CWE-269
8.8
2025-05-07 CVE-2025-4335 The Woocommerce Multiple Addresses plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.7.1.
network
low complexity
CWE-269
8.8
2025-05-02 CVE-2025-3438 Improper Privilege Management vulnerability in Inspireui Mstore API
The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4.
network
low complexity
inspireui CWE-269
7.3
2025-04-25 CVE-2025-2238 The Vikinger theme for WordPress is vulnerable to privilege in all versions up to, and including, 1.9.30.
network
low complexity
CWE-269
8.8
2025-04-24 CVE-2025-3101 The Configurator Theme Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.4.7.
network
low complexity
CWE-269
8.8
2025-04-24 CVE-2025-3761 The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16.
network
low complexity
CWE-269
8.8
2025-04-22 CVE-2025-1732 An improper privilege management vulnerability in the recovery function of the USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
local
low complexity
CWE-269
6.7
2025-04-19 CVE-2025-3278 The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4.
network
low complexity
CWE-269
critical
9.8