Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-266

CWE-266

Incorrect Privilege Assignment

Parent: CWE-269 - Improper Privilege Management

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

914 vulnerabilities with CWE-266

CVE-2026-49780 HIGH

WordPress Dokan plugin <= 5.0.2 - Privilege Escalation vulnerability

CVE-2026-49083 HIGH

WordPress LatePoint plugin <= 5.5.1 - Privilege Escalation vulnerability

CVE-2026-49063 HIGH

WordPress Listdom plugin <= 5.5.0 - Privilege Escalation vulnerability

CVE-2026-48889 HIGH

WordPress Amelia plugin <= 2.3 - Privilege Escalation vulnerability

CVE-2026-39587 HIGH

WordPress WP BASE Booking plugin <= 5.9.0 - Privilege Escalation vulnerability

CVE-2026-39583 CRITICAL

WordPress Datalogics Ecommerce Delivery plugin <= 2.6.62 - Privilege Escalation vulnerability

CVE-2026-39579 HIGH

WordPress B Blocks plugin <= 2.0.31 - Privilege Escalation vulnerability

CVE-2026-39470 HIGH

WordPress WooCommerce Cart Abandonment Recovery plugin < 2.1.0 - Privilege Escalation vulnerability

CVE-2026-34901 CRITICAL

WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

CVE-2026-27407 HIGH

WordPress AI Engine plugin <= 3.4.9 - Privilege Escalation vulnerability

CVE-2026-49111 HIGH

WordPress Masteriyo - LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

CVE-2026-12217 HIGH

DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management

CVE-2026-12213 MEDIUM

hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

CVE-2026-12212 MEDIUM

hcengineering Huly Platform RPC operations.ts getMailboxSecret access control

CVE-2026-12201 MEDIUM

IObit Malware Fighter DLL permission

CVE-2026-49060 CRITICAL

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

CVE-2026-53814 HIGH

OpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority

CVE-2026-47169 HIGH

Quest Bot: Manage Server users can configure AutoRole to grant Administrator to controlled joining accounts

CVE-2026-11620 MEDIUM

TOTOLINK EX200 vsftpd vsftpd.conf least privilege violation

CVE-2026-11619 MEDIUM

Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization

CVE-2026-11555 LOW

D-Link DGS-1100-08PD Web boa.conf least privilege violation

CVE-2026-11554 MEDIUM

TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

CVE-2026-11533 MEDIUM

imvks786 student_management_system Student Deletion Endpoint see.php improper authorization

CVE-2026-11532 MEDIUM

imvks786 student_management_system Student Record add.php access control

CVE-2026-11521 MEDIUM

Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

Page 1 of 37 Next

Details

Vulnerabilities 914

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy