Ghostwire
Home / Vulnerabilities / CVE-2026-3426

CVE-2026-3426: The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing...

MEDIUM CVSS 5.5

Published: May 13, 2026 | Last Modified: May 13, 2026

Description

The RTMKit Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the save_widget() and reset_all_widgets() functions in all versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with Author-level access and above, to modify or reset site-wide widget configurations.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (15 articles)

Tenable CVEs
CVE-2026-3426
 CVE Feed
CVE-2026-3426 - RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification
 Belgium CCB via Google News
Warning: Critical SQL injection & missing authentication check in SAP! (CVE-2026-34260 & CVE-2026-34263) Patch Immediately! | CCB Belgium - Centre for Cybersecurity Belgium
 Tenable CVEs
CVE-2026-34260
 CVE Feed
CVE-2026-34263 - Missing authentication check in SAP Commerce cloud configuration
 Tenable CVEs
CVE-2026-34263
 Tenable CVEs
CVE-2026-34268
 Tenable CVEs
CVE-2026-34267
 Tenable CVEs
CVE-2026-34269
 Tenable CVEs
CVE-2026-34266
 Tenable CVEs
CVE-2026-34264
 Tenable CVEs
CVE-2026-34262
 CVE Feed
CVE-2026-34264 - Information Disclosure vulnerability in SAP Human Capital Management for SAP S/4HANA
 CVE Feed
CVE-2026-34261 - Missing Authorization check in SAP Business Analytics and SAP Content Management
 Tenable CVEs
CVE-2026-34261

References