Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

rometheme — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting rometheme. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Rometheme is a WordPress theme provider offering customizable templates for websites, primarily targeting small businesses and personal blogs. Historically, the platform has been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities, contributing to its 14 CVE count. Security researchers have identified consistent flaws in input validation and access controls, with some instances allowing complete site compromise. While no major public breaches have been widely documented, the cumulative CVE history suggests ongoing challenges in secure coding practices, particularly in file handling and user permission management.

Found 11 results / 14Clear Filters
Top products by rometheme: RTMKit RomethemeKit For Elementor RTMForm Builder RomethemeForm For Elementor
CVE IDTitleCVSSSeverityPublished
CVE-2025-12473 RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter — RTMKitCWE-79 6.1 Medium2026-03-11
CVE-2025-8609 RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute — RTMKitCWE-79 6.4 Medium2025-11-18
CVE-2025-62065 WordPress RTMKit plugin <= 1.6.5 - Arbitrary File Upload vulnerability — RTMKitCWE-434 9.9 Critical2025-11-06
CVE-2025-64283 WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability — RTMKitCWE-639 6.5 Medium2025-10-29
CVE-2025-49235 WordPress RTMKit Addons for Elementor plugin <= 1.6.0 - Cross Site Scripting (XSS) vulnerability — RTMKitCWE-79 6.5 Medium2025-06-06
CVE-2025-30911 WordPress RomethemeKit For Elementor plugin <= 1.5.4 - Arbitrary Plugin Installation/Activation to RCE vulnerability — RTMKitCWE-94 9.9 Critical2025-04-01
CVE-2024-10326 RomethemeKit For Elementor <= 1.5.3 - Missing Authorization in save_options and reset_widgets — RTMKitCWE-862 4.3 Medium2025-03-08
CVE-2025-24743 WordPress RomethemeKit For Elementor plugin <= 1.5.2 - Broken Access Control vulnerability — RTMKitCWE-862 4.3 Medium2025-01-27
CVE-2024-10324 RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates — RTMKitCWE-1230 4.3 Medium2025-01-24
CVE-2024-47626 WordPress RomethemeKit For Elementor plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — RTMKitCWE-79 6.5 Medium2024-10-05
CVE-2024-32956 WordPress RomethemeKit For Elementor plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — RTMKitCWE-79 6.5 Medium2024-04-24

This page lists every published CVE security advisory associated with rometheme. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.