Plataforma
wordpress
Componente
rometheme-for-elementor
Corrigido em
1.5.5
CVE-2025-30911 describes a Remote Code Execution (RCE) vulnerability within the RomethemeKit For Elementor WordPress plugin. This flaw allows attackers to inject arbitrary commands, potentially leading to complete system compromise. The vulnerability impacts versions from 0.0 up to and including 1.5.4. A fix is available in version 1.5.5.
The vulnerability stems from improper control of code generation, specifically allowing command injection. An attacker could exploit this by crafting malicious input that is then executed on the server. Successful exploitation could allow an attacker to execute arbitrary system commands, potentially leading to data theft, modification, or deletion. The attacker could also establish a persistent backdoor, enabling them to regain access to the system at a later time. Given the plugin's integration with Elementor, a popular WordPress page builder, the potential blast radius is significant, affecting numerous websites.
CVE-2025-30911 was publicly disclosed on April 1, 2025. The vulnerability is considered high probability due to the ease of command injection and the plugin's popularity. No public proof-of-concept (POC) code has been observed as of the disclosure date, but the nature of the vulnerability suggests that a POC is likely to emerge soon. It is not currently listed on the CISA KEV catalog.
Websites utilizing the RomethemeKit For Elementor plugin, particularly those running older versions (0.0 - 1.5.4), are at significant risk. Shared hosting environments where plugin updates are not managed by the website owner are also particularly vulnerable. Websites heavily reliant on Elementor for page building are also at higher risk due to the plugin's core functionality.
• wordpress / composer / npm:
grep -r 'system(' /var/www/html/wp-content/plugins/rometheme-for-elementor/• wordpress / composer / npm:
wp plugin list --status=inactive | grep rometheme• wordpress / composer / npm:
wp plugin update rometheme-for-elementor• generic web: Check WordPress plugin directory for updated version 1.5.5.
disclosure
Status do Exploit
EPSS
1.74% (percentil 82%)
CISA SSVC
Vetor CVSS
The primary mitigation is to immediately upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. While a direct WAF rule is unlikely to be effective against this type of code injection, carefully reviewing and restricting user input to the plugin is recommended. Monitor WordPress error logs for suspicious command execution attempts. Regularly scan your WordPress installation for vulnerabilities using a reputable security plugin.
Atualize o plugin Rometheme RTMKit rometheme-for-elementor para a última versão disponível para mitigar a vulnerabilidade de injeção de comandos. Verifique as fontes oficiais do plugin ou o repositório de WordPress para obter a atualização mais recente. Considere implementar medidas de segurança adicionais, como limitar os permissões de usuário e revisar o código do plugin em busca de possíveis vulnerabilidades.
Análise de vulnerabilidades e alertas críticos diretamente no seu e-mail.
CVE-2025-30911 is a critical Remote Code Execution vulnerability in the RomethemeKit For Elementor WordPress plugin, allowing attackers to execute commands on the server.
You are affected if you are using RomethemeKit For Elementor versions 0.0 through 1.5.4. Upgrade to 1.5.5 or later to resolve the issue.
Upgrade the RomethemeKit For Elementor plugin to version 1.5.5 or later. If upgrading is not possible, temporarily disable the plugin.
While no active exploitation has been confirmed, the vulnerability's nature suggests it is likely to be targeted, and a POC is expected.
Refer to the Rometheme official website or WordPress plugin repository for the latest advisory and update information.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.
Envie seu arquivo de dependências e descubra na hora se esta e outras CVEs te atingem.