CVE-2026-3425 | rometheme RTMKit Plugin up to 2.0.2 on WordPress get_content path filename control

May 13, 2026 Yanac

A vulnerability classified as critical was found in rometheme RTMKit Plugin up to 2.0.2 on WordPress. This issue affects the function get_content. The manipulation of the argument path results in improper control of filename for include/require statement in php program (‘php remote file inclusion’).

This vulnerability is known as CVE-2026-3425. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More