Unauthorized Data Modification in RomethemeKit For Elementor by Rometheme
CVE-2024-10326
4.3MEDIUM
What is CVE-2024-10326?
The RomethemeKit For Elementor plugin for WordPress is susceptible to unauthorized data modifications due to the absence of capability checks in the save_options and reset_widgets functions. This vulnerability impacts all plugin versions up to and including 1.5.3, allowing attackers with Subscriber-level access or higher to alter plugin settings or revert widgets to their default state. A partial fix was implemented in version 1.5.3, yet the issue remains critical for users still on earlier versions.
Affected Version(s)
RomethemeKit For Elementor * <= 1.5.3