"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 3 | Critical: 0 | High: 2 | Medium: 1
Showing 1-3 of 3 records
Threat Entry Updated 2025-05-13

CVE-2025-4317 - Thegem Theme

The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

THEME Thegem

CVE-2025-4317

HIGH CVSS 8.8 2025-05-13

Threat Entry Updated 2025-05-13

CVE-2025-4339 - Thegem Theme

The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options.

THEME Thegem

CVE-2025-4339

MEDIUM CVSS 4.3 2025-05-13

Threat Entry Updated 2024-11-21

CVE-2023-50892 - Thegem Plugin

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1.

PLUGIN Thegem

CVE-2023-50892

HIGH CVSS 7.1 2023-12-29