37 matches found
EUVD-2023-36494
Malicious code in bioql PyPI...
EUVD-2025-31303
Malicious code in bioql PyPI...
EUVD-2023-55625
Malicious code in bioql PyPI...
CVE-2025-60097
Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TheGem: from n/a through <= 5.10.5...
PT-2025-39543
Name of the Vulnerable Software and Affected Versions: CodexThemes TheGem Elementor versions through 5.10.5. Description: A security issue exists in CodexThemes TheGem Elementor related to incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendation...
PT-2025-39544
Name of the Vulnerable Software and Affected Versions: CodexThemes TheGem versions through 5.10.5. Description: An authorization issue exists in CodexThemes TheGem, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update CodexThemes TheGem to a version...
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
📢 In case you missed it, Wordfence just published its annual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On May 4th, 2025, we received a submission for an Arbitrary File Upload...
CVE-2023-32237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Elementor, CodexThemes TheGem WPBakery allows Stored XSS. This issue affects TheGem Elementor: from n/a before 5.8.1.1; TheGem WPBakery: from n/a before 5.8.1.1...
CVE-2023-32237 Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Elementor, CodexThemes TheGem WPBakery allows Stored XSS. This issue affects TheGem Elementor: from n/a before 5.8.1.1; TheGem WPBakery: from n/a before 5.8.1.1...
CVE-2023-32237
CVE-2023-32237 describes a stored cross-site scripting (XSS) issue in the WordPress theme/plugin set TheGem. The root cause is improper neutralization of user input during web page generation, enabling stored XSS in TheGem (Elementor) and TheGem (WPBakery). Affected versions: TheGem for Elementor...
CVE-2023-50892
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...
CVE-2023-50892
CVE-2023-50892 describes a Reflected XSS in TheGem – Creative Multi-Purpose & WooCommerce WordPress Theme. Affected: TheGem versions up to 5.9.1 (range n/a–5.9.1). NVD lists CVSSv3.1 metrics: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N with base score 6.1 (Medium); Patchstack CNA reports CVSSv3.1 metrics...
CVE-2023-50892 WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9...