
RTMKit — Vulnerabilities & Security Advisories 11

All 11 CVE vulnerabilities found in RTMKit, with AI-generated Chinese analysis, references, and POCs.

Vendor: Rometheme

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-12473 | RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter | CWE-79 | 6.1 | Medium | 2026-03-11 |
| CVE-2025-8609 | RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute | CWE-79 | 6.4 | Medium | 2025-11-18 |
| CVE-2025-62065 | WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability | CWE-434 | 8.8 | - | 2025-11-06 |
| CVE-2025-64283 | WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability | CWE-639 | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-49235 | WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2025-06-06 |
| CVE-2025-30911 | WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability | CWE-94 | 9.9 | Critical | 2025-04-01 |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets | CWE-862 | 4.3 | Medium | 2025-03-08 |
| CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability | CWE-862 | 4.3 | Medium | 2025-01-27 |
| CVE-2024-10324 | RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates | CWE-1230 | 4.3 | Medium | 2025-01-24 |
| CVE-2024-47626 | WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2024-10-05 |
| CVE-2024-32956 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability | CWE-79 | 6.5 | Medium | 2024-04-24 |

All 11 known CVE vulnerabilities affecting RTMKit with full Chinese analysis, references, and POCs where available.