cleantalk
Vulnerabilities and Security Researches

RomethemeKit For Elementor, CVE-2024-10326

CVE, Research URL

CVE-2024-10326

Home page URL

Security reports for RomethemeKit For Elementor

Application

RomethemeKit For Elementor

Published on
Mar 08, 2025
Research Description
The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or reset plugin widgets to their default state (all enabled). NOTE: This vulnerability was partially fixed in version 1.5.3.
Affected versions
Min -, max 1.5.4.
Status
vulnerable
Previous vulnerability researches
Reservit Hotel (CVE-2024-9458) , Mar 09, 2025
New vulnerability
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025
All-in-One Addons for Elementor – WidgetKit (CVE-2024-10321) , Mar 09, 2025
SMTP by BestWebSoft (CVE-2024-13908) , Mar 09, 2025