6 matches found
CVE-2023-32238 WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability
Vulnerability in CodexThemes TheGem Elementor, CodexThemes TheGem WPBakery.This issue affects TheGem Elementor: from n/a before 5.8.1.1; TheGem WPBakery: from n/a before 5.8.1.1...
CVE-2025-62011 WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through = 5.10.5...
CVE-2025-62011 WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through = 5.10.5...
CVE-2025-60096 WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in CodexThemes TheGem Elementor thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem Elementor: from n/a through = 5.10.5...
WordPress TheGem (Elementor) Theme <= 5.10.5 is vulnerable to Broken Access Control
Software TheGem Elementor Type Theme Vulnerable versions = 5.10.5 Fixed in 5.10.5.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-60096 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2ce2db30c88d Credits Rafie Muhammad Patchstack...
PT-2025-20835 · WordPress · Thegem
Name of the Vulnerable Software and Affected Versions: TheGem theme for WordPress versions up to, and including, 5.10.3 Description: The issue arises from missing file type validation in the thegem get logo url function, allowing authenticated attackers with Subscriber-level access or higher to...