A vulnerability was found in rometheme RTMKit Plugin up to 2.0.7 on WordPress and classified as problematic . The affected element is an unknown function of the component AJAX Endpoint . The manipulation of the argument entries_id results in incorrect authorization. This vulnerability is identified as CVE-2026-5149 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.