๐Ÿ” CVE Alert

CVE-2026-12907

UNKNOWN 0.0

RTMKit Addons for Elementor < 2.0.9 - Author+ Site-Wide Theme Builder Template Creation and Activation

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.

Vendor unknown
Product rtmkit
Published Jul 16, 2026
Stay Ahead of the Next One

Get instant alerts for unknown rtmkit

Be the first to know when new unknown vulnerabilities affecting unknown rtmkit are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / RTMKit
0 < 2.0.9

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/61588303-d356-4cec-9cdc-15dc8cb0b29f/

Credits

Meher Sudhakar Abbireddi WPScan