A privilege escalation seems to me to be pretty critical
You say
"they each require the attacker to already have access to the target machine (if that’s the case you’re already in serious trouble, so what’s another flaw)"
If you're a normal user and can run things as an administrator (which is what privilege elevation is) then that's a pretty serious flaw. I'm not sure why you're treating it so cavalierly.