Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-56000

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-18 Feb, 2025 | 19:54
Updated At-19 Feb, 2025 | 08:42
Rejected At-
Credits

WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.This issue affects K Elements: from n/a before 5.4.0.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:18 Feb, 2025 | 19:54
Updated At:19 Feb, 2025 | 08:42
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress K Elements plugin < 5.4.0 - Unauthenticated Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.This issue affects K Elements: from n/a before 5.4.0.

Affected Products
Vendor
SeventhQueen
Product
K Elements
Default Status
unaffected
Versions
Affected
  • From n/a before 5.4.0 (custom)
    • -> unaffectedfrom5.4.0
Problem Types
TypeCWE IDDescription
CWECWE-266CWE-266 Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: CWE-266 Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-233CAPEC-233 Privilege Escalation
CAPEC ID: CAPEC-233
Description: CAPEC-233 Privilege Escalation
Solutions

Update the WordPress K Elements wordpress plugin to the latest available version (at least 5.2.0).

Configurations
Workarounds
Exploits
Credits
finder
Rafie Muhammad (Patchstack)
Timeline
EventDate
Vulnerability discovered and report was generated.2024-05-07 07:35:00
Vulnerability reported to the vendor.2024-05-08 07:36:00
The vendor submits a proposed patch for validation. The patch is validated and accepted.2024-11-13 08:37:00
KLEO theme version 5.4.4 alongside K Elements version 5.4.0 was released to patch the reported issue.2024-11-15 08:40:00
Added the vulnerability to the Patchstack database.2025-02-17 08:40:00
Security advisory article published.2025-02-19 08:40:00
Event: Vulnerability discovered and report was generated.
Date: 2024-05-07 07:35:00
Event: Vulnerability reported to the vendor.
Date: 2024-05-08 07:36:00
Event: The vendor submits a proposed patch for validation. The patch is validated and accepted.
Date: 2024-11-13 08:37:00
Event: KLEO theme version 5.4.4 alongside K Elements version 5.4.0 was released to patch the reported issue.
Date: 2024-11-15 08:40:00
Event: Added the vulnerability to the Patchstack database.
Date: 2025-02-17 08:40:00
Event: Security advisory article published.
Date: 2025-02-19 08:40:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/wordpress/plugin/k-elements/vulnerability/wordpress-k-elements-plugin-5-2-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
vdb-entry
https://patchstack.com/articles/critical-privilege-escalation-patched-in-kleo-themes-plugin?_s_id=cve
third-party-advisory
technical-description
https://themeforest.net/item/kleo-pro-community-focused-multipurpose-buddypress-theme/6776630?_s_id=cve
product
Hyperlink: https://patchstack.com/database/wordpress/plugin/k-elements/vulnerability/wordpress-k-elements-plugin-5-2-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
Resource:
vdb-entry
Hyperlink: https://patchstack.com/articles/critical-privilege-escalation-patched-in-kleo-themes-plugin?_s_id=cve
Resource:
third-party-advisory
technical-description
Hyperlink: https://themeforest.net/item/kleo-pro-community-focused-multipurpose-buddypress-theme/6776630?_s_id=cve
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:18 Feb, 2025 | 20:15
Updated At:19 Feb, 2025 | 09:15

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements allows Privilege Escalation.This issue affects K Elements: from n/a before 5.4.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-266Secondaryaudit@patchstack.com
CWE ID: CWE-266
Type: Secondary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/articles/critical-privilege-escalation-patched-in-kleo-themes-plugin?_s_id=cveaudit@patchstack.com
N/A
https://patchstack.com/database/wordpress/plugin/k-elements/vulnerability/wordpress-k-elements-plugin-5-2-0-unauthenticated-account-takeover-vulnerability?_s_id=cveaudit@patchstack.com
N/A
https://themeforest.net/item/kleo-pro-community-focused-multipurpose-buddypress-theme/6776630?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/articles/critical-privilege-escalation-patched-in-kleo-themes-plugin?_s_id=cve
Source: audit@patchstack.com
Resource: N/A
Hyperlink: https://patchstack.com/database/wordpress/plugin/k-elements/vulnerability/wordpress-k-elements-plugin-5-2-0-unauthenticated-account-takeover-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A
Hyperlink: https://themeforest.net/item/kleo-pro-community-focused-multipurpose-buddypress-theme/6776630?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

63Records found
CVE-2024-54229
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.16%
||
7 Day CHG~0.00%
Published-16 Dec, 2024 | 15:18
Updated-16 Dec, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SV100 Companion plugin <= 2.0.02 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02.

Action-Not Available
Vendor-Straightvisions GmbH
Product-SV100 Companion
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-52442
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 31.68%
||
7 Day CHG~0.00%
Published-20 Nov, 2024 | 11:56
Updated-20 Nov, 2024 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPlus plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0.

Action-Not Available
Vendor-Userplususerplus
Product-UserPlususerplus
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49322
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 39.33%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:38
Updated-18 Oct, 2024 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Job Board Manager for WordPress plugin <= 1.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in CodePassenger Job Board Manager for WordPress allows Privilege Escalation.This issue affects Job Board Manager for WordPress: from n/a through 1.0.

Action-Not Available
Vendor-CodePassengercodepassenger
Product-Job Board Manager for WordPressjob_board_manager_for_wordpress
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-32555
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.12% / 32.20%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 13:57
Updated-21 Jan, 2025 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easy Real Estate plugin <= 2.2.6 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6.

Action-Not Available
Vendor-NotFound
Product-Easy Real Estate
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-28000
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-32.28% / 96.69%
||
7 Day CHG~0.00%
Published-21 Aug, 2024 | 13:53
Updated-17 Jun, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LiteSpeed Cache plugin <= 6.3.0.1 - Unauthenticated Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from 1.9 through 6.3.0.1.

Action-Not Available
Vendor-litespeedtechLiteSpeed Technologieslitespeedtech
Product-litespeed_cacheLiteSpeed Cachelitespeed_cache
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-3735
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.06% / 19.71%
||
7 Day CHG~0.00%
Published-28 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
seccome Ehoney signup access control

A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability.

Action-Not Available
Vendor-ehoney_projectseccome
Product-ehoneyEhoney
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-56071
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.90%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:44
Updated-31 Dec, 2024 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Dashboard plugin <= 2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through 2.0.

Action-Not Available
Vendor-Mike Leembruggen
Product-Simple Dashboard
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-56205
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.50%
||
7 Day CHG~0.00%
Published-31 Dec, 2024 | 12:43
Updated-31 Dec, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Magic – SEO Content Generator & Article Writer plugin <= 1.0.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation.This issue affects AI Magic: from n/a through 1.0.4.

Action-Not Available
Vendor-AI Magic
Product-AI Magic
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-54383
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-5.21% / 89.56%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 18:48
Updated-18 Dec, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WooCommerce - PDF Vouchers plugin < 4.9.9 - Broken Authentication vulnerability

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9.

Action-Not Available
Vendor-WPWeb Elite
Product-WooCommerce PDF Vouchers
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-51888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.50%
||
7 Day CHG+0.01%
Published-21 Jan, 2025 | 13:40
Updated-21 Jan, 2025 | 15:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey Login Register Plugin <= 2.4.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.

Action-Not Available
Vendor-NotFound
Product-Homey Login Register
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-51800
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 20.93%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 13:47
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Homey theme <= 2.4.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.

Action-Not Available
Vendor-Favethemes
Product-Homey
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-50485
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-10.23% / 92.85%
||
7 Day CHG+0.49%
Published-29 Oct, 2024 | 08:35
Updated-29 Oct, 2024 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Exam Matrix plugin <= 1.5 - Privilege Escalation vulnerability

: Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through 1.5.

Action-Not Available
Vendor-Udit Rawatudit_rawat
Product-Exam Matrixexam_matrix
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-49217
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.65%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 17:42
Updated-06 Nov, 2024 | 20:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Adding drop down roles in registration plugin <= 1.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Madiri Salman Aashish Adding drop down roles in registration allows Privilege Escalation.This issue affects Adding drop down roles in registration: from n/a through 1.1.

Action-Not Available
Vendor-madirisalmanaashishMadiri Salman Aashishmadiri_salman_aashish
Product-adding_drop_down_roles_in_registrationAdding drop down roles in registrationuser-drop-down-roles-in-registration
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • Next
Details not found