RomethemeKit For Elementor Missing Authorization Vulnerability in WordPress Plugin

Vulnerability

A vulnerability exists in the RomethemeKit For Elementor WordPress plugin, all versions through 1.5.3, allowing unauthorized data modification. This issue arises from a lack of capability checks in the save_options and reset_widgets functions. As a result, authenticated attackers with Subscriber-level access or higher can alter plugin settings or reset plugin widgets to their default state, with all widgets enabled. Version 1.5.3 partially addresses this vulnerability.
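As an added illustration that is not the plugin's own code, the PHP below shows the pattern behind this class of bug in a WordPress AJAX handler: anything hooked on `wp_ajax_*` is reachable by every logged-in user, Subscribers included, so a handler that saves options or resets widgets without a `current_user_can()` check is open to them. The handler names, option keys and nonce action (`rtk_example_*`) are assumed for the example.

```php
<?php
// Hypothetical example (not RomethemeKit's code). Handler names, option keys
// and the nonce action are assumed; only the missing-check pattern matters.

// BEFORE: the wp_ajax_ hook fires for any authenticated user, so with no
// capability check a Subscriber can rewrite the plugin's settings.
function rtk_example_save_options_vulnerable() {
    $options = isset( $_POST['options'] ) ? (array) wp_unslash( $_POST['options'] ) : array();
    update_option( 'rtk_example_options', $options );
    wp_send_json_success();
}

// AFTER: require an administrative capability, then verify the nonce.
// The capability check is the essential part: a nonce alone only proves
// the request came from a page the user could already load.
function rtk_example_save_options_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    check_ajax_referer( 'rtk_example_settings', 'nonce' );

    $options = isset( $_POST['options'] ) ? (array) wp_unslash( $_POST['options'] ) : array();
    $options = array_map( 'sanitize_text_field', $options );
    update_option( 'rtk_example_options', $options );
    wp_send_json_success();
}

// The reset path needs the same guard; without it, any logged-in user
// could restore the default state (every widget enabled).
function rtk_example_reset_widgets_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Insufficient permissions', 403 );
    }
    check_ajax_referer( 'rtk_example_settings', 'nonce' );

    // Assumed storage: deleting the option makes the plugin fall back to
    // its defaults, i.e. all widgets enabled.
    delete_option( 'rtk_example_widgets' );
    wp_send_json_success();
}

// Only the hardened handlers are registered; the vulnerable one is kept
// above solely to show what the missing check looks like.
add_action( 'wp_ajax_rtk_example_save_options', 'rtk_example_save_options_fixed' );
add_action( 'wp_ajax_rtk_example_reset_widgets', 'rtk_example_reset_widgets_fixed' );
```

When reviewing a plugin for this bug class, list every `wp_ajax_*` and `admin_post_*` callback and confirm each one that writes state performs a capability check, not just a nonce check.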

Impact

Exploitation of this vulnerability allows unauthorized modification of plugin settings and resetting of plugin widgets to their default state, with all widgets enabled.

Remediation

Users can update to version 1.5.4 or a newer patched version to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 0.6
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.