Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Primary rating from Vendor (WPScan) · only source for this CVE.
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.
Analysis
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a r
Unauthorized form submission disclosure in RTMKit (rometheme-for-elementor) versions up to and including 2.0.7 allows an
Stored Cross-Site Scripting in RTMKit (rometheme-for-elementor) versions up to and including 2.0.7 allows authenticated
Local File Inclusion in the RTMKit (rometheme-for-elementor) plugin for WordPress versions up to and including 2.0.7 all
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44880
GHSA-q754-gwx4-mxg2