Vulnerabilities (CVE)

Filtered by CWE-269
Total 1509 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-11011 1 Usabilitydynamics 1 Wp-invoice 2019-09-20 4.0 MEDIUM 6.5 MEDIUM
The wp-invoice plugin before 4.1.1 for WordPress has wpi_update_user_option privilege escalation.
CVE-2016-11004 1 Elegantthemes 1 Monarch 2019-09-20 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Monarch plugin before 1.2.7 for WordPress has privilege escalation.
CVE-2016-11002 1 Elegantthemes 1 Extra 2019-09-20 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Extra theme before 1.2.4 for WordPress has privilege escalation.
CVE-2016-11003 1 Elegantthemes 1 Monarch 2019-09-20 6.5 MEDIUM 8.8 HIGH
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.
CVE-2016-10971 1 Membersonic 1 Membersonic 2019-09-18 7.5 HIGH 9.8 CRITICAL
The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowledge of an e-mail address is required.
CVE-2016-10968 1 Peepso 1 Peepso 2019-09-17 6.5 MEDIUM 8.8 HIGH
The peepso-core plugin before 1.6.1 for WordPress has PeepSoProfilePreferencesAjax->save() privilege escalation.
CVE-2016-10972 1 Tagdiv 1 Newspaper 2019-09-16 7.5 HIGH 9.8 CRITICAL
The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
CVE-2019-16202 1 Misp 1 Misp 2019-09-11 4.0 MEDIUM 6.5 MEDIUM
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.
CVE-2018-21013 1 Upperthemes 1 Swape 2019-09-09 7.5 HIGH 9.8 CRITICAL
The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php.