Platform
wordpress
Component
rometheme-for-elementor
Opgelost in
1.5.5
CVE-2025-30911 describes a Remote Code Execution (RCE) vulnerability within the RomethemeKit For Elementor WordPress plugin. This flaw allows attackers to inject arbitrary commands, potentially leading to complete system compromise. The vulnerability impacts versions from 0.0 up to and including 1.5.4. A fix is available in version 1.5.5.
The vulnerability stems from improper control of code generation, specifically allowing command injection. An attacker could exploit this by crafting malicious input that is then executed on the server. Successful exploitation could allow an attacker to execute arbitrary system commands, potentially leading to data theft, modification, or deletion. The attacker could also establish a persistent backdoor, enabling them to regain access to the system at a later time. Given the plugin's integration with Elementor, a popular WordPress page builder, the potential blast radius is significant, affecting numerous websites.
CVE-2025-30911 was publicly disclosed on April 1, 2025. The vulnerability is considered high probability due to the ease of command injection and the plugin's popularity. No public proof-of-concept (POC) code has been observed as of the disclosure date, but the nature of the vulnerability suggests that a POC is likely to emerge soon. It is not currently listed on the CISA KEV catalog.
Websites utilizing the RomethemeKit For Elementor plugin, particularly those running older versions (0.0 - 1.5.4), are at significant risk. Shared hosting environments where plugin updates are not managed by the website owner are also particularly vulnerable. Websites heavily reliant on Elementor for page building are also at higher risk due to the plugin's core functionality.
• wordpress / composer / npm:
grep -r 'system(' /var/www/html/wp-content/plugins/rometheme-for-elementor/• wordpress / composer / npm:
wp plugin list --status=inactive | grep rometheme• wordpress / composer / npm:
wp plugin update rometheme-for-elementor• generic web: Check WordPress plugin directory for updated version 1.5.5.
disclosure
Exploit Status
EPSS
1.74% (82% percentiel)
CISA SSVC
CVSS-vector
The primary mitigation is to immediately upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. While a direct WAF rule is unlikely to be effective against this type of code injection, carefully reviewing and restricting user input to the plugin is recommended. Monitor WordPress error logs for suspicious command execution attempts. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
Werk de Rometheme RTMKit rometheme-for-elementor plugin bij naar de meest recente beschikbare versie om de Command Injection kwetsbaarheid te mitigeren. Controleer de officiële bronnen van de plugin of de WordPress repository voor de meest recente update. Overweeg aanvullende beveiligingsmaatregelen te implementeren, zoals het beperken van gebruikersrechten en het controleren van de plugin-code op mogelijke kwetsbaarheden.
Kwetsbaarheidsanalyses en kritieke waarschuwingen direct in uw inbox.
CVE-2025-30911 is a critical Remote Code Execution vulnerability in the RomethemeKit For Elementor WordPress plugin, allowing attackers to execute commands on the server.
You are affected if you are using RomethemeKit For Elementor versions 0.0 through 1.5.4. Upgrade to 1.5.5 or later to resolve the issue.
Upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not possible, temporarily disable the plugin.
While no active exploitation has been confirmed, the vulnerability's nature suggests it is likely to be targeted, and a POC is expected.
Refer to the Rometheme official website or WordPress plugin repository for the latest advisory and update information.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.
Upload je dependency-bestand en kom direct te weten of deze en andere CVEs jou raken.