cleantalk
Vulnerabilities and Security Researches

RomethemeKit For Elementor, CVE-2026-3426

CVE, Research URL

CVE-2026-3426

Home page URL

Security reports for RomethemeKit For Elementor

Application

RomethemeKit For Elementor

Published on
May 13, 2026
Research Description
The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-level access and above, to modify or reset site-wide widget configurations.
Affected versions
max 2.0.3.
Status
vulnerable
Previous vulnerability researches
Advanced Custom Fields: Font Awesome Field (CVE-2025-14983) , Feb 27, 2026
Advanced Custom Fields: Font Awesome Field (CVE-2026-6415) , May 15, 2026
New vulnerability
RomethemeKit For Elementor (CVE-2026-3426) , May 16, 2026
RomethemeKit For Elementor (CVE-2026-3425) , May 16, 2026
Meta Field Block (CVE-2026-6252) , May 16, 2026
Gallery Plugin for WordPress – Envira Photo Gallery (CVE-2026-5361) , May 15, 2026
Database Backup for WordPress (CVE-2026-4029) , May 15, 2026