3 matches found
CVE-2025-4317 TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload
The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegemgetlogourl function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary...
CVE-2025-4317
TheGem WordPress theme (TheGem
WordPress TheGem Theme <= 5.10.3 is vulnerable to Arbitrary File Upload
Software TheGem Type Theme Vulnerable versions = 5.10.3 Fixed in 5.10.3.1 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2025-4317 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 9a2acfb1e3cd Credits Foxyyy Required privilege Subscriber Published...