CVE-2024-10324

RomethemeKit For Elementor <= 1.5.2 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates

CVSS 4.3 MEDIUM · EPSS 0.3% · CWE-1230
In short

The RomethemeKit For Elementor WordPress plugin lets logged-in users with Contributor-level access or higher view private, pending, and draft templates they should not be able to see. The cause is a missing access check in the plugin's handling of template data.

Technical detail

The vulnerability lies in the register_controls function of widgets/offcanvas-rometheme.php, where inadequate access controls let authenticated attackers with Contributor or higher privileges read sensitive template information. The exposure affects private, pending, and draft templates, which should be restricted according to the requesting user's permissions.

Summary generated and translated by AI from the official description.
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
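To make the class of defect concrete for developers reviewing similar widgets, here is an added example that is not the plugin's own code: a hypothetical Elementor widget control that offers saved templates in a dropdown. The weak variant lists every template regardless of post status, so anyone who can open the editor sees private, pending and draft titles; the hardened variant filters by status and checks WordPress's read_post capability per post. The function names, the constructed 'elementor_library' query and the capability mapping are assumptions for illustration, not details taken from the advisory.

```php
<?php
// Added example, not RomethemeKit code. Assumes a WordPress environment with
// get_posts() and current_user_can() available; 'elementor_library' is the
// post type Elementor uses for saved templates (assumed here for the demo).

// Weak pattern: the control is populated with every template, whatever its
// status. Any user who can open the editor (Contributor and above) receives
// private, pending and draft template titles in the widget's control data.
function rtmkit_example_template_options_weak(): array {
    $posts = get_posts( [
        'post_type'      => 'elementor_library',
        'post_status'    => 'any',   // includes private, pending and draft
        'posts_per_page' => -1,
    ] );

    $options = [];
    foreach ( $posts as $post ) {
        $options[ $post->ID ] = $post->post_title;
    }
    return $options;
}

// Hardened pattern: restrict the query to statuses the caller may see, then
// apply a per-post 'read_post' check so that drafts and pending templates
// belonging to other authors are never listed for a Contributor.
function rtmkit_example_template_options_hardened(): array {
    $args = [
        'post_type'      => 'elementor_library',
        'post_status'    => [ 'publish' ],
        'posts_per_page' => -1,
    ];

    // Editors and above may manage others' content, so widen the status list
    // for them; everyone else only gets published templates from the query.
    if ( current_user_can( 'edit_others_posts' ) ) {
        $args['post_status'] = [ 'publish', 'private', 'pending', 'draft' ];
    }

    $options = [];
    foreach ( get_posts( $args ) as $post ) {
        // 'read_post' is a meta capability: for non-public statuses WordPress
        // grants it to the author, to holders of read_private_posts, or to
        // users who could edit the post. A Contributor fails it for others'
        // drafts, so the title is withheld even if the query returned it.
        if ( ! current_user_can( 'read_post', $post->ID ) ) {
            continue;
        }
        $options[ $post->ID ] = $post->post_title;
    }
    return $options;
}
```

The per-post check is the part that matters: status filtering alone is cheap but still leaks a Contributor's own drafts to editors and, more importantly, is easy to forget in a second code path. Applying the capability check at the point where template data is serialised into widget controls keeps the exposure decision next to the data it protects.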
Affected products
rometheme · RTMKit
