Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from Vendor (WPScan) · only source for this CVE.
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.
Analysis
The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions,
Unauthorized form submission disclosure in RTMKit (rometheme-for-elementor) versions up to and including 2.0.7 allows an
Stored Cross-Site Scripting in RTMKit (rometheme-for-elementor) versions up to and including 2.0.7 allows authenticated
Local File Inclusion in the RTMKit (rometheme-for-elementor) plugin for WordPress versions up to and including 2.0.7 all
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44879
GHSA-344h-fqfm-3mrj