Rometheme — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting Rometheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12473 | RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter — RTMKit (CWE-79) | 6.1 | Medium | 2026-03-11 |
| CVE-2025-8609 | RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute — RTMKit (CWE-79) | 6.4 | Medium | 2025-11-18 |
| CVE-2025-62065 | WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability — RTMKit (CWE-434) | 8.8 | - | 2025-11-06 |
| CVE-2025-64283 | WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability — RTMKit (CWE-639) | 9.1 (AI) | Critical (AI) | 2025-10-29 |
| CVE-2025-49235 | WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability — RTMKit (CWE-79) | 6.5 | Medium | 2025-06-06 |
| CVE-2025-30911 | WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability — RTMKit (CWE-94) | 9.9 | Critical | 2025-04-01 |
| CVE-2024-10326 | RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets — RTMKit (CWE-862) | 4.3 | Medium | 2025-03-08 |
| CVE-2025-24743 | WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability — RTMKit (CWE-862) | 4.3 | Medium | 2025-01-27 |
| CVE-2024-10324 | RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates — RTMKit (CWE-1230) | 4.3 | Medium | 2025-01-24 |
| CVE-2024-47626 | WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — RTMKit (CWE-79) | 6.5 | Medium | 2024-10-05 |
| CVE-2024-32727 | WordPress RomethemeForm For Elementor plugin <= 1.1.2 - Broken Access Control vulnerability — RomethemeForm For Elementor (CWE-862) | 5.3 | Medium | 2024-06-09 |
| CVE-2023-6325 | RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate — RTMForm Builder (CWE-862) | 5.3 | Medium | 2024-05-23 |
| CVE-2024-33919 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Broken Access Control vulnerability — RomethemeKit For Elementor (CWE-862) | 6.5 | Medium | 2024-05-03 |
| CVE-2024-32956 | WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — RTMKit (CWE-79) | 6.5 | Medium | 2024-04-24 |

This page lists every published CVE security advisory associated with Rometheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.