CVE-2026-5149 | rometheme RTMKit Plugin up to 2.0.7 on WordPress AJAX Endpoint entries_id authorization

Inserito da Angelo Barbosa | Giu 16, 2026 | CVE

A vulnerability was found in rometheme RTMKit Plugin up to 2.0.7 on WordPress and classified as problematic. The affected element is an unknown function of the component AJAX Endpoint. The manipulation of the argument entries_id results in incorrect authorization.

This vulnerability is identified as CVE-2026-5149. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.

CVE-2026-5149 | rometheme RTMKit Plugin up to 2.0.7 on WordPress AJAX Endpoint entries_id authorization

Post correlati

CVE-2024-7215 | TOTOLINK LR1200 9.3.1cu.2832 /cgi-bin/cstecgi.cgi NTPSyncWithHost host_time command injection

CVE-2024-2744 | NextGEN Gallery Plugin up to 3.59.0 on WordPress Setting cross site scripting

CVE-2026-24549 | Paolo GeoDirectory Plugin up to 2.8.147 on WordPress cross-site request forgery

CVE-2024-9549 | D-Link DIR-605L 2.13B01 BETA formEasySetupWizard formEasySetupWizard/formEasySetupWizard2 curTime buffer overflow