Cyber Posture

CVE-2024-56000

Critical

Published: 18 February 2025

Modified: 29 April 2026
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0022 (44.8th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Incorrect Privilege Assignment vulnerability in SeventhQueen K Elements k-elements allows Privilege Escalation. This issue affects K Elements: from n/a through < 5.4.0.

Security Summary

CVE-2024-56000 is an Incorrect Privilege Assignment vulnerability (CWE-266) in the SeventhQueen K Elements WordPress plugin, enabling privilege escalation. The issue affects all versions of the K Elements plugin prior to 5.4.0.

The vulnerability carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited remotely by unauthenticated attackers with low complexity and no user interaction. Exploitation allows attackers to achieve unauthenticated account takeover, resulting in high impacts to confidentiality, integrity, and availability through elevated privileges on the affected WordPress site.

The Patchstack advisory recommends updating the K Elements plugin to version 5.4.0 or later to mitigate this vulnerability.

Details

CWE(s): CWE-266
