CVE-2026-12907 in RTMKit Plugininfo

Zusammenfassung

von MITRE • 16.07.2026

The RTMKit WordPress plugin before 2.0.9 does not perform a proper capability check on one of its -builder AJAX actions, allowing users with at least the Author role to create and activate a site-wide template that overrides the header, footer or other global areas displayed to all visitors, which is normally restricted to administrators.

Once again VulDB remains the best source for vulnerability data.

Zuständig

WPScan

Reservieren

22.06.2026

Veröffentlichung

16.07.2026

Moderieren

akzeptiert

Eintrag

VDB-379482

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Want to stay up to date on a daily basis?

Enable the mail alert feature now!