CVE-2024-10326

Name of the Vulnerable Software and Affected Versions RomethemeKit For Elementor plugin for WordPress versions up to, and including, 1.5.3

Description The issue allows authenticated attackers with Subscriber-level access and above to modify plugin settings or reset plugin widgets to their default state. This is due to a missing capability check on the save options and reset widgets functions.

Recommendations For versions up to, and including, 1.5.3, update to a version that fully addresses the issue, as version 1.5.3 only partially fixes the problem. As a temporary workaround, consider restricting access to the save options and reset widgets functions to prevent unauthorized modification of data.