Rometheme RTMKit Unrestricted File Upload Vulnerability in WordPress

Vulnerability

A vulnerability allowing unrestricted upload of files with dangerous types has been identified in the Rometheme RTMKit plugin for Elementor. This issue affects versions of the plugin from an unspecified date through 1.6.5.

Impact

Exploitation of this vulnerability could lead to arbitrary file upload, allowing potentially malicious files to be uploaded to the server.

Added: Nov 6, 2025, 5:22 PM

Updated: Nov 6, 2025, 8:11 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

7.6

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Rometheme RTMKit Unrestricted File Upload Vulnerability in WordPress

Vulnerability

Impact

Affected Products

Rometheme RTMKit

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating