Codexthemes

Thegem

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2026-42410

  • EPSS 0.13%
  • Veröffentlicht 27.04.2026 10:41:03
  • Zuletzt bearbeitet 27.04.2026 18:37:59

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a before 5.1...

7.5

CVE-2025-69356

  • EPSS 0.33%
  • Veröffentlicht 06.01.2026 16:36:41
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects Th...

6.5

CVE-2025-68559

  • EPSS 0.13%
  • Veröffentlicht 23.12.2025 11:37:35
  • Zuletzt bearbeitet 23.04.2026 15:36:01

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (for Elementor): from n/a throu...

7.5

CVE-2025-68560

  • EPSS 0.32%
  • Veröffentlicht 23.12.2025 11:36:26
  • Zuletzt bearbeitet 23.04.2026 15:36:01

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (for Element...

6.5

CVE-2025-62011

  • EPSS 0.17%
  • Veröffentlicht 06.11.2025 15:55:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem thegem.This issue affects TheGem: from n/a through <= 5.10.5.

5.4

CVE-2025-60096

  • EPSS 0.25%
  • Veröffentlicht 26.09.2025 09:15:34
  • Zuletzt bearbeitet 23.04.2026 15:34:12

Missing Authorization vulnerability in CodexThemes TheGem (Elementor) thegem-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem (Elementor): from n/a through <= 5.10.5.

5.4

CVE-2025-60097

  • EPSS 0.25%
  • Veröffentlicht 26.09.2025 09:15:34
  • Zuletzt bearbeitet 23.04.2026 15:34:12

Missing Authorization vulnerability in CodexThemes TheGem thegem allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TheGem: from n/a through <= 5.10.5.

4.3

CVE-2025-4339

Medienbericht
  • EPSS 0.38%
  • Veröffentlicht 13.05.2025 06:40:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subsc...

8.8

CVE-2025-4317

Medienbericht
  • EPSS 1.06%
  • Veröffentlicht 13.05.2025 06:40:55
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Su...