{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24971", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-01-28T09:50:41.578Z", "datePublished": "2026-03-25T16:14:33.794Z", "dateUpdated": "2026-03-25T16:14:33.794Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://themeforest.net", "defaultStatus": "unaffected", "packageName": "searchgo", "product": "Search & Go", "vendor": "Elated-Themes", "versions": [{"changes": [{"at": "2.8.1", "status": "unaffected"}], "lessThanOrEqual": "<= 2.8", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-03-25T17:12:15.247Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.<p>This issue affects Search & Go: from n/a through <= 2.8.</p>"}], "value": "Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8."}], "impacts": [{"capecId": "CAPEC-233", "descriptions": [{"lang": "en", "value": "Privilege Escalation"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "Incorrect Privilege Assignment", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-03-25T16:14:33.794Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Theme/searchgo/vulnerability/wordpress-search-go-theme-2-8-privilege-escalation-vulnerability?_s_id=cve"}], "title": "WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability"}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through <= 2.8."}], "id": "CVE-2026-24971", "lastModified": "2026-03-25T17:16:39.083", "metrics": {}, "published": "2026-03-25T17:16:39.083", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Theme/searchgo/vulnerability/wordpress-search-go-theme-2-8-privilege-escalation-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "audit@patchstack.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-25T18:17:13.120594+00:00", "value": {"mitigation_remediation": ["Upgrade the Search & Go theme to a version newer than 2.8.", "Verify that the update has been applied by checking the theme version in the WordPress dashboard or filesystem.", "If an update cannot be performed immediately, disable theme editing by adding define('DISALLOW_FILE_EDIT', true); to wp-config.php and monitor for unauthorized activity."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "All releases of the Elated\u2011Themes Search & Go WordPress theme from its earliest version through 2.8 are affected. WordPress sites that have installed this theme within the stated version range are at risk.", "description_and_impact": "The Search & Go theme up to version 2.8 contains an incorrect privilege assignment flaw that permits users to gain higher level access than intended. This weakness is classified as CWE\u2011266, indicating that the system grants permissions that an authenticated user should not possess. If exploited, an attacker could perform actions normally restricted to administrators, potentially altering site settings or content.", "risk_and_exploitability": "No CVSS score or EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker who can interact with the theme, such as via the WordPress admin panel or by uploading files, could exploit the privilege escalation. The risk remains high until the theme is updated to a version beyond 2.8."}}}}, "created": "2026-03-25T21:34:38.046310+00:00", "updated": "2026-03-25T21:34:38.046345+00:00", "vendors": []}