๐Ÿ” CVE Alert

CVE-2026-12906

UNKNOWN 0.0

RTMKit Addons for Elementor < 2.0.9 - Contributor+ Private Post Title Disclosure

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The RTMKit WordPress plugin before 2.0.9 does not perform a capability check in one of its AJAX actions and resolves a request-supplied post identifier directly, allowing users with at least the Contributor role to read the titles of other users' private, draft, pending, scheduled and trashed posts.

Vendor unknown
Product rtmkit
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown rtmkit

Be the first to know when new unknown vulnerabilities affecting unknown rtmkit are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / RTMKit
0 < 2.0.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/594c3769-b953-4966-836d-a0dc4585fe87/

Credits

Meher Sudhakar Abbireddi WPScan