VYPR

Rometheme For Elementor

by WordPress

Source repositories

CVEs (12)

  • CVE-2025-62065CriNov 6, 2025
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.6.5.

  • CVE-2025-30911CriApr 1, 2025
    risk 0.64cvss 9.9epss 0.02

    Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Command Injection.This issue affects RTMKit: from n/a through <= 1.5.4.

  • CVE-2025-64283MedOct 29, 2025
    risk 0.42cvss 6.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RTMKit: from n/a through <= 1.6.7.

  • CVE-2025-49235MedJun 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor allows Stored XSS.This issue affects RTMKit: from n/a through <= 1.6.0.

  • CVE-2024-33919MedMay 3, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.

  • CVE-2024-32956MedApr 24, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.4.1.

  • CVE-2026-5149MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submission_content AJAX endpoint lacking a capability check to verify that a user has permission to access the requested form submission…

  • CVE-2024-32727MedJun 9, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Rometheme RomethemeForm For Elementor.This issue affects RomethemeForm For Elementor: from n/a through 1.1.2.

  • CVE-2025-24743MedJan 27, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Rometheme RTMKit rometheme-for-elementor.This issue affects RTMKit: from n/a through <= 1.5.2.

  • CVE-2023-6325MedMay 23, 2024
    risk 0.28cvss 5.3epss 0.00

    The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it…

  • CVE-2024-10326Mar 8, 2025
    risk 0.00cvss epss 0.00

    The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_options and reset_widgets functions in all versions up to, and including, 1.5.3. This makes it possible for authenticated…

  • CVE-2024-10324Jan 24, 2025
    risk 0.00cvss epss 0.00

    The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with…