Description
Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
Published: 2026-03-25
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The Search & Go WordPress theme contains an incorrect privilege assignment flaw categorized as CWE-266. This vulnerability allows an attacker to increase their privileges within the WordPress installation, enabling actions normally reserved for administrators. The flaw is rated with a CVSS score of 9.8, indicating a critical severity level for affected sites.

Affected Systems

All instances of the Elated-Themes Search & Go theme, from the earliest release through version 2.8 inclusive, are affected.

Risk and Exploitability

The risk to sites is high because the CVSS score is 9.8, yet the EPSS score is reported as less than 1%, suggesting limited public exploitation. The vulnerability is not listed in the CISA KEV catalog. The description does not disclose a specific attack path; it is inferred that an attacker with basic access to a WordPress account could leverage the theme’s functionality to elevate privileges. No explicit prerequisites or conditions are provided.

Generated by OpenCVE AI on March 26, 2026 at 22:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Search & Go theme to any version newer than 2.8
  • Verify that all sites running the theme have applied the update
  • If an update is unavailable, temporarily disable or uninstall the Search & Go theme until a patched version is released
  • Monitor site logs for indicators of privilege escalation attempts

Generated by OpenCVE AI on March 26, 2026 at 22:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Elated-themes
Elated-themes search And Go Theme
Wordpress
Wordpress wordpress
Vendors & Products Elated-themes
Elated-themes search And Go Theme
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8.
Title WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability
Weaknesses CWE-266
References

Subscriptions

Elated-themes Search And Go Theme
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-26T20:23:32.917Z

Reserved: 2026-01-28T09:50:41.578Z

Link: CVE-2026-24971

cve-icon Vulnrichment

Updated: 2026-03-26T20:21:46.526Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-25T17:16:39.083

Modified: 2026-03-30T13:27:12.923

Link: CVE-2026-24971

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:46:22Z

Weaknesses