Primary

Context

Rometheme RomethemeKit For Elementor Code Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Patched

A code injection vulnerability allowing command execution has been identified in the Rometheme RomethemeKit For Elementor plugin, affecting versions through 1.5.4. This vulnerability arises from improper control over code generation, which could be exploited to execute arbitrary commands on the server.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected website, potentially leading to unauthorized access and control over the site.

Remediation

Users of the Rometheme RomethemeKit For Elementor plugin should update to version 1.5.5 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

7.5

exploitability

5.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rometheme RomethemeKit For Elementor Code Injection Vulnerability Leading to Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

Rometheme RomethemeKit For Elementor

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating