Vulnerabilities and security researches forrometheme-for-elementor rometheme-for-elementor

Jun 07, 2024

CVE, Research URL: CVE-2024-33919
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: May 03, 2024
Research Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Affected versions: max 1.4.2.
Status: vulnerable

CVE, Research URL: CVE-2024-32956
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Apr 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Affected versions: max 1.4.2.
Status: vulnerable

Oct 03, 2024

CVE, Research URL: CVE-2024-47626
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
Affected versions: max 1.5.1.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24743
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Jan 27, 2025
Research Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.
Affected versions: max 1.5.3.
Status: vulnerable

CVE, Research URL: CVE-2024-10324
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Jan 24, 2025
Research Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: max 1.5.3.
Status: vulnerable

Mar 10, 2025

CVE, Research URL: CVE-2024-10326
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Mar 08, 2025
Research Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.
Affected versions: max 1.5.4.
Status: vulnerable

Apr 03, 2025

CVE, Research URL: CVE-2025-30911
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Apr 01, 2025
Research Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4.
Affected versions: max 1.5.5.
Status: vulnerable

Jun 15, 2025

CVE, Research URL: CVE-2025-49235
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Jun 06, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit Addons for Elementor allows Stored XSS. This issue affects RTMKit Addons for Elementor: from n/a through 1.6.0.
Affected versions: max 1.6.1.
Status: vulnerable

Nov 11, 2025

CVE, Research URL: CVE-2025-64283
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Oct 29, 2025
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.
Affected versions: max 1.6.7.
Status: vulnerable

CVE, Research URL: CVE-2025-62065
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Nov 06, 2025
Research Description: Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.
Affected versions: max 1.6.5.
Status: vulnerable

Mar 29, 2026

CVE, Research URL: CVE-2025-12473
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Mar 11, 2026
Research Description: The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 1.6.8.
Status: vulnerable