
10 matches found

ATTACKERKB
added 2026/04/07 4:33 p.m., 3 views

CVE-2026-27314

Privilege escalation in Apache Cassandra 5.0 on an mTLS environment using MutualTlsAuthenticator allows a user with only CREATE permission to associate their own certificate identity with an arbitrary role, including a superuser role, and authenticate as that role via ADD IDENTITY. Users are...

CVSS 8.8, AI score 5.9, EPSS 0.00037
Exploits: 0, References: 2, Affected Software: 1
RedhatCVE
added 2025/05/23 3:50 a.m., 5 views

CVE-2023-32749

Pydio Cells allows users by default to create so-called external users in order to share files with them. By modifying the HTTP request sent when creating such an external user, it is possible to assign the new user arbitrary roles. By assigning all roles to a newly created user, access to all...

CVSS 8.8, AI score 6.8, EPSS 0.53811
Exploits: 6, References: 1
OSV
added 2025/01/23 5:45 p.m., 3 views

CVE-2025-24353 Directus privilege escalation vulnerability using Share feature

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

CVSS 5, AI score 7.3, EPSS 0.00347
Exploits: 1, References: 7
OSV
added 2022/11/21 11:15 a.m., 1 views

CVE-2021-24649

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpufencryption. This could allow an attacker having access to the AUTHKEY and AUTHSALT constant via...

CVSS 9.8, AI score 5.8, EPSS 0.00431
Exploits: 2, References: 1
CNNVD
added 2022/11/21 12:0 a.m., 1 views

WordPress plugin WP User Frontend authorization issue vulnerability

WP User Frontend is a wordpress plugin for user frontend posting and submission. An authorization issue vulnerability exists in WordPress WP User Frontend versions prior to 3.5.29. The vulnerability stems from improper privilege management and can be exploited by an attacker to create accounts wi...

CVSS 9.8, AI score 6.9, EPSS 0.00431
Exploits: 2, References: 2
Cvelist
added 2021/08/23 11:10 a.m., 13 views

CVE-2021-24602 HM Multiple Roles < 1.3 - Arbitrary Role Change

The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users from setting themselves as admin via their profile page...

AI score 8.9, EPSS 0.00659
Exploits: 2, References: 2
Patchstack
added 2021/07/20 12:0 a.m., 17 views

WordPress HM Multiple Roles plugin <= 1.2 - Arbitrary Role Change vulnerability

Arbitrary Role Change vulnerability discovered by clemorphy in WordPress HM Multiple Roles plugin versions <= 1.2. Solution: Update the WordPress HM Multiple Roles plugin to the latest available version (at least 1.3)...

CVSS 8.8, AI score 2, EPSS 0.00659
Exploits: 2, References: 3, Affected Software: 1
wpexploit
added 2021/07/20 12:0 a.m., 771 views

HM Multiple Roles < 1.3 - Arbitrary Role Change

The plugin does not have any access control to prevent low privilege users from setting themselves as admin via their profile page. As any authenticated user, go to your Profile page and tick the Administrator Role checkbox. In v1.2, the checkboxes are disabled in the UI but can be tampered with by eith...

CVSS 6.5, AI score 1.5, EPSS 0.00659
Exploits: 2, References: 2
CNVD
added 2020/03/17 12:0 a.m., 3 views

WordPress popup-builder information disclosure vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Sygnoos Popup Builder is one of the popup plugins used in it. A vulnerability exists in WordPress popup-builder versions prior to 3.64....

CVSS 6.5, AI score 6.6, EPSS 0.00461
Exploits: 1
Veracode
added 2019/01/15 8:55 a.m., 28 views

Privilege Escalations

Foreman is vulnerable to privilege escalation attacks. The vulnerability exists as the create method in app/controllers/userscontroller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag o...

CVSS 6, AI score 6.7, EPSS 0.47448
Exploits: 4, References: 16, Affected Software: 7