cleantalk
Vulnerabilities and Security Researches

RomethemeKit For Elementor, CVE-2024-10324

CVE, Research URL

CVE-2024-10324

Home page URL

Security reports for RomethemeKit For Elementor

Application

RomethemeKit For Elementor

Published on
Jan 24, 2025
Research Description
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
Affected versions
Min -, max 1.5.2.
Status
vulnerable
Previous vulnerability researches
RomethemeKit For Elementor (CVE-2025-24743) , Jan 26, 2025
RomethemeKit For Elementor (CVE-2024-10324) , Jan 26, 2025
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
RomethemeKit For Elementor (CVE-2024-33919) , Jun 07, 2024
RomethemeKit For Elementor (CVE-2024-32956) , Jun 07, 2024
New vulnerability
Qubely – Advanced Gutenberg Blocks (CVE-2024-13228) , Mar 11, 2025
WPCS – WordPress Currency Switcher Professional (CVE-2025-2169) , Mar 11, 2025
RomethemeKit For Elementor (CVE-2024-10326) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Shortcode Cleaner Lite (CVE-2025-1481) , Mar 09, 2025