CVE-2026-12907
RTMKit Addons for Elementor < 2.0.9 - Author+ Site-Wide Theme Builder Template Creation and Activation
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.
| Vendor | unknown |
| Product | rtmkit |
| Published | Jul 16, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown rtmkit
Be the first to know when new unknown vulnerabilities affecting unknown rtmkit are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / RTMKit
0 < 2.0.9
References
Credits
Meher Sudhakar Abbireddi WPScan