PT-2026-40595 · WordPress · Rtmkit Addons For Elementor
Momopon1415
Published 2026-05-13 · Updated 2026-05-13 · CVE-2026-3426
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
RTMKit Addons for Elementor versions prior to 2.0.3
Description
The RTMKit Addons for Elementor plugin for WordPress allows unauthorized modification of data because of missing capability checks in the save widget() and reset all widgets() functions. Authenticated attackers with Author-level access or higher can exploit this to modify or reset site-wide widget configurations.
Recommendations
Update to a version later than 2.0.2.
As a temporary workaround, restrict access to the save widget() and reset all widgets() functions for users with Author-level permissions.
Fix
Missing Authorization
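One way to apply the temporary workaround above until the update is installed, as an added example (not code from the plugin or from this advisory): a must-use plugin that enforces a capability check before the affected handlers run and logs blocked attempts. It assumes the two functions are registered as admin-ajax.php actions; the action names are placeholders to replace with the ones the installed plugin registers, and the required capability `manage_options` is an assumed policy.

```php
<?php
/**
 * Plugin Name: RTMKit widget-settings guard (added example, temporary workaround)
 *
 * Assumption: the plugin exposes its widget save/reset functions as
 * admin-ajax.php actions. The action names below are placeholders; replace
 * them with the names registered by the installed plugin version.
 */

// Placeholder action names (not taken from the advisory or the plugin source).
const RTMKIT_GUARDED_ACTIONS = array(
    'PLACEHOLDER_save_widget_action',
    'PLACEHOLDER_reset_all_widgets_action',
);

// Capability required to change site-wide widget configuration (assumed policy).
const RTMKIT_REQUIRED_CAP = 'manage_options';

/**
 * Reject the request unless the current user holds the required capability.
 */
function rtmkit_guard_deny_unprivileged() {
    if ( ! current_user_can( RTMKIT_REQUIRED_CAP ) ) {
        // Log for detection: which account tried to reach a guarded handler.
        error_log( sprintf(
            'rtmkit-guard: blocked action=%s user_id=%d ip=%s',
            sanitize_key( wp_unslash( $_REQUEST['action'] ?? '' ) ),
            get_current_user_id(),
            sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ?? '' ) )
        ) );
        // Sends a JSON error with HTTP 403 and terminates the request.
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

// Priority 0 runs before a handler hooked at the default priority 10,
// so an unprivileged request ends here and never reaches the plugin's code.
foreach ( RTMKIT_GUARDED_ACTIONS as $action ) {
    add_action( 'wp_ajax_' . $action, 'rtmkit_guard_deny_unprivileged', 0 );
}
```

Placed in `wp-content/mu-plugins/`, the guard loads on every request. It has no effect if the plugin hooks its handlers at a priority below 0 or exposes them through a different entry point, so confirm the registration in the installed version.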
Weakness Enumeration
Related Identifiers
Affected Products
Rtmkit Addons For Elementor