Vulnerabilities > Improper Privilege Management

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2019-09-20 | CVE-2019-11280 | Improper Privilege Management vulnerability in Pivotal Software Pivotal Application Service | Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.18, 2.4.x prior to 2.4.14, 2.5.x prior to 2.5.10, and 2.6.x prior to 2.6.5, contains an invitations microservice which allows users to invite others to their organizations. | network | low complexity | pivotal-software | CWE-269 | 8.8 |
| 2019-09-20 | CVE-2016-11011 | Improper Privilege Management vulnerability in Usabilitydynamics Wp-Invoice | The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation. | network | low complexity | usabilitydynamics | CWE-269 | 6.5 |
| 2019-09-20 | CVE-2016-11004 | Improper Privilege Management vulnerability in Elegantthemes Monarch 1.1.1 | The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation. | network | low complexity | elegantthemes | CWE-269 | 8.8 |
| 2019-09-20 | CVE-2016-11003 | Improper Privilege Management vulnerability in Elegantthemes Monarch | The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | network | low complexity | elegantthemes | CWE-269 | 8.8 |
| 2019-09-20 | CVE-2016-11002 | Improper Privilege Management vulnerability in Elegantthemes Extra | The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation. | network | low complexity | elegantthemes | CWE-269 | 8.8 |
| 2019-09-20 | CVE-2015-9390 | Improper Privilege Management vulnerability in Admin Management Xtended Project Admin Management Xtended | The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled. | network | low complexity | admin-management-xtended-project | CWE-269 | 4.3 |
| 2019-09-17 | CVE-2019-4477 | Improper Privilege Management vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a user with access to audit logs to obtain sensitive information, caused by improper handling of command line options. | network | low complexity | ibm | CWE-269 | 6.5 |
| 2019-09-16 | CVE-2016-10972 | Improper Privilege Management vulnerability in Tagdiv Newspaper 6.7.0/6.7.1 | The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel. | network | low complexity | tagdiv | CWE-269 | 9.8 (critical) |
| 2019-09-16 | CVE-2016-10971 | Improper Privilege Management vulnerability in Membersonic 1.2/1.301 | The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required. | network | low complexity | membersonic | CWE-269 | 9.8 (critical) |
| 2019-09-16 | CVE-2016-10968 | Improper Privilege Management vulnerability in Peepso | The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation. | network | low complexity | peepso | CWE-269 | 8.8 |