Platform
wordpress
Component
rometheme-for-elementor
Fixed in
1.5.5
CVE-2025-30911 describes a Remote Code Execution (RCE) vulnerability within the RomethemeKit For Elementor WordPress plugin. This flaw allows attackers to inject arbitrary commands, potentially leading to complete system compromise. The vulnerability impacts versions from 0.0 up to and including 1.5.4. A fix is available in version 1.5.5.
The vulnerability stems from improper control of code generation, specifically allowing command injection. An attacker could exploit this by crafting malicious input that is then executed on the server. Successful exploitation could allow an attacker to execute arbitrary system commands, potentially leading to data theft, modification, or deletion. The attacker could also establish a persistent backdoor, enabling them to regain access to the system at a later time. Given the plugin's integration with Elementor, a popular WordPress page builder, the potential blast radius is significant, affecting numerous websites.
CVE-2025-30911 was publicly disclosed on April 1, 2025. The vulnerability is considered high probability due to the ease of command injection and the plugin's popularity. No public proof-of-concept (POC) code has been observed as of the disclosure date, but the nature of the vulnerability suggests that a POC is likely to emerge soon. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
1.74% (82% percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. While a direct WAF rule is unlikely to be effective against this type of code injection, carefully reviewing and restricting user input to the plugin is recommended. Monitor WordPress error logs for suspicious command execution attempts. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
Update the Rometheme RTMKit rometheme-for-elementor plugin to the latest available version to mitigate the command injection vulnerability. Check the plugin's official sources or the WordPress repository for the most recent update. Consider implementing additional security measures, such as limiting user permissions and reviewing plugin code for potential vulnerabilities.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-30911 is a critical Remote Code Execution vulnerability in the RomethemeKit For Elementor WordPress plugin, allowing attackers to execute commands on the server.
You are affected if you are using RomethemeKit For Elementor versions 0.0 through 1.5.4. Upgrade to 1.5.5 or later to resolve the issue.
Upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not possible, temporarily disable the plugin.
While no active exploitation has been confirmed, the vulnerability's nature suggests it is likely to be targeted, and a POC is expected.
Refer to the Rometheme official website or WordPress plugin repository for the latest advisory and update information.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.