CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-30911 – WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability
https://notcve.org/view.php?id=CVE-2025-30911
27 Mar 2025 — Improper Control of Generation of Code ('Code Injection') vulnerability in Rometheme RomethemeKit For Elementor allows Command Injection. This issue affects RomethemeKit For Elementor: from n/a through 1.5.4. The RomethemeKit For Elementor plugin for WordPress is vulnerable to arbitrary plugin installations due to a missing capability check in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins on ... • https://packetstorm.news/files/id/190274 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24743 – WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-24743
24 Jan 2025 — Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor. This issue affects RomethemeKit For Elementor: from n/a through 1.5.2. The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/rometheme-for-elementor/vulnerability/wordpress-romethemekit-for-elementor-plugin-1-5-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47626 – WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-47626
30 Sep 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.5.0. The RomethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces... • https://patchstack.com/database/vulnerability/rometheme-for-elementor/wordpress-romethemekit-for-elementor-plugin-1-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33919 – WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33919
29 Apr 2024 — Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. Vulnerabilidad de autorización faltante en Rometheme RomethemeKit para Elementor. Este problema afecta a RomethemeKit para Elementor: desde n/a hasta 1.4.1. The RomethemeKit For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the addNewPost() function in versions up to, and including, 1.4.1. T... • https://patchstack.com/database/vulnerability/rometheme-for-elementor/wordpress-romethemekit-for-elementor-plugin-1-4-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32956 – WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-32956
22 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rometheme RomethemeKit For Elementor allows Stored XSS.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Rometheme RomethemeKit para Elementor permite almacenar XSS. Este problema afecta a RomethemeKit para Elementor: desde n/a hasta 1.4.1. The RomethemeKit For E... • https://patchstack.com/database/vulnerability/rometheme-for-elementor/wordpress-romethemekit-for-elementor-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •