Advisory

Critical vulnerability reported in RomethemeKit For Elementor WordPress Plugin

Take action: If you are running the RomethemeKit For Elementor plugin, update immediately. The exploit does have some very basic prerequisites, like the attacker holding a Subscriber account, but that role is enabled on so many sites. So don't delay: update to the latest version, it's trivial to patch. And check for unknown plugins that may already have been placed by hackers.


Learn More

A critical security vulnerability is reported in the RomethemeKit For Elementor WordPress plugin that enables Remote Code Execution (RCE) through improper permission handling, potentially allowing complete website compromise.

The vulnerability is tracked as CVE-2025-30911 (CVSS score 9.9) and is classified as missing permission checks and nonce verification. It stems from inadequate security controls in the plugin's install_requirements function, which lacked both a proper capability check and a nonce check. As a result, any authenticated user, even one with minimal Subscriber privileges, can install and activate arbitrary plugins on the affected website. Once a malicious plugin is activated, the attacker can execute arbitrary code remotely, potentially leading to complete website compromise.

The flaw affects all versions up to and including 1.5.4: version 1.5.4 shipped an incomplete fix, and version 1.5.5 completed it.

Website administrators should update immediately to version 1.5.5 or later, which implements proper permission checks and nonce verification, and should review server logs for suspicious plugin installation activity that might indicate compromise.
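To make the two missing controls concrete, here is an added illustration of the bug class and its fix as a WordPress AJAX handler. This is example code written for this advisory, not RomethemeKit's own install_requirements function; the function names, the AJAX action name, the nonce action string and the plugin allow-list are all assumptions. The block also adds an audit hook that logs plugin activations, which supports the log-review step recommended above.

```php
<?php
// Illustrative example for CVE-2025-30911's bug class. Not the plugin's real code;
// all names below (example_*, the AJAX action, the nonce action) are assumptions.

// --- Vulnerable pattern: the shape of the flaw described in the advisory ---
// Nothing verifies who is calling or whether the request was forged, so any
// logged-in account that can reach admin-ajax.php can trigger a plugin install.
function example_install_requirements_vulnerable() {
    $slug = isset( $_POST['plugin'] ) ? sanitize_key( wp_unslash( $_POST['plugin'] ) ) : '';
    // Missing: check_ajax_referer() and current_user_can().
    example_install_and_activate( $slug );
    wp_send_json_success();
}

// --- Hardened pattern: nonce + capability + allow-list ---
function example_install_requirements_fixed() {
    // 1. Nonce verification. On failure this dies with HTTP 403 before any work is done.
    //    The nonce is minted on the admin page with wp_create_nonce( 'example_install_requirements' ).
    check_ajax_referer( 'example_install_requirements', 'nonce' );

    // 2. Capability check. 'install_plugins' and 'activate_plugins' are core capabilities
    //    that Subscribers, Contributors, Authors and Editors do not hold.
    if ( ! current_user_can( 'install_plugins' ) || ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Never install whatever slug the request names: restrict to the plugin(s)
    //    this feature legitimately depends on (assumed list for illustration).
    $allowed = array( 'elementor' );
    $slug    = isset( $_POST['plugin'] ) ? sanitize_key( wp_unslash( $_POST['plugin'] ) ) : '';
    if ( ! in_array( $slug, $allowed, true ) ) {
        wp_send_json_error( array( 'message' => 'Plugin not permitted.' ), 400 );
    }

    example_install_and_activate( $slug );
    wp_send_json_success( array( 'installed' => $slug ) );
}

// Helper shared by both handlers: install from wordpress.org and activate via core APIs.
function example_install_and_activate( $slug ) {
    require_once ABSPATH . 'wp-admin/includes/plugin-install.php';
    require_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
    require_once ABSPATH . 'wp-admin/includes/plugin.php';

    $api = plugins_api(
        'plugin_information',
        array( 'slug' => $slug, 'fields' => array( 'sections' => false ) )
    );
    if ( is_wp_error( $api ) ) {
        wp_send_json_error( array( 'message' => $api->get_error_message() ), 500 );
    }

    $upgrader = new Plugin_Upgrader( new WP_Ajax_Upgrader_Skin() );
    $result   = $upgrader->install( $api->download_link );
    if ( is_wp_error( $result ) || ! $result ) {
        wp_send_json_error( array( 'message' => 'Install failed.' ), 500 );
    }

    $plugin_file = $upgrader->plugin_info();
    $activated   = $plugin_file ? activate_plugin( $plugin_file ) : new WP_Error( 'no_file', 'No plugin file.' );
    if ( is_wp_error( $activated ) ) {
        wp_send_json_error( array( 'message' => $activated->get_error_message() ), 500 );
    }
}

// Register only the hardened handler. wp_ajax_* hooks are reachable by any
// authenticated user, which is exactly why the checks inside must be present.
add_action( 'wp_ajax_example_install_requirements', 'example_install_requirements_fixed' );

// --- Detection aid: record every plugin activation with the acting account ---
// After exposure to a flaw like this one, these lines let an administrator spot
// activations performed by low-privilege accounts or at unexpected times.
add_action( 'activated_plugin', function ( $plugin, $network_wide ) {
    $user = wp_get_current_user();
    $ip   = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    error_log( sprintf(
        '[plugin-audit] %s activated by user #%d (%s) from %s network_wide=%d',
        $plugin, $user->ID, $user->user_login, $ip, $network_wide ? 1 : 0
    ) );
}, 10, 2 );
```

The fixed handler fails closed in order: forged or missing nonce, then insufficient capability, then an unexpected slug, each before any installer code runs. The audit hook writes to the PHP error log (wherever error_log is routed on the host), so the same entries show up when reviewing logs for unexpected installs as the advisory recommends.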
