Rometheme Rtmkit
13 CVEs affecting Rometheme Rtmkit. Latest disclosed: 2026-05-13. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-62065 | Critical | 9.9 | 2025-11-06 | Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5. |
CVE-2025-30911 | Critical | 9.9 | 2025-04-01 | Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects… |
CVE-2026-3425 | High | 8.8 | 2026-05-13 | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2 via the 'path' parameter… |
CVE-2025-64283 | Medium | 6.5 | 2025-10-29 | Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Cont… |
CVE-2025-49235 | Medium | 6.5 | 2025-06-06 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XS… |
CVE-2024-47626 | Medium | 6.5 | 2024-10-05 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XS… |
CVE-2024-32956 | Medium | 6.5 | 2024-04-24 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affec… |
CVE-2025-8609 | Medium | 6.4 | 2025-11-18 | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion Block's attributes in all versions… |
CVE-2025-12473 | Medium | 6.1 | 2026-03-11 | The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 du… |
CVE-2026-3426 | Medium | 4.3 | 2026-05-13 | The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() a… |
CVE-2024-10326 | Medium | 4.3 | 2025-03-08 | The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options an… |
CVE-2025-24743 | Medium | 4.3 | 2025-01-27 | Missing Authorization vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.5.2. |
CVE-2024-10324 | Medium | 4.3 | 2025-01-24 | The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the registe… |