Vulnerabilities and security researches forrometheme-for-elementor rometheme-for-elementor

Mar 10, 2025

CVE, Research URL: CVE-2024-10326
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Mar 08, 2025
Research Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.
Affected versions: Min -, max -.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24743
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Jan 27, 2025
Research Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-10324
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Jan 24, 2025
Research Description: The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions: Min -, max -.
Status: vulnerable

Oct 03, 2024

CVE, Research URL: CVE-2024-47626
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Oct 05, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2024-33919
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: May 03, 2024
Research Description: Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-32956
Home page URL: Security reports for RomethemeKit For Elementor
Application: RomethemeKit For Elementor
Date: Apr 24, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Affected versions: Min -, max -.
Status: vulnerable