All 4 CVE vulnerabilities found in TheGem, with AI-generated Chinese analysis, references, and POCs.
Vendor: CodexThemes
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62011 | WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability CWE-79 | 6.1 | - | 2025-11-06 |
| CVE-2025-60097 | WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability CWE-862 | 5.4 | Medium | 2025-09-26 |
| CVE-2025-4317 | TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload CWE-434 | 8.8 | High | 2025-05-13 |
| CVE-2025-4339 | TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update CWE-862 | 4.3 | Medium | 2025-05-13 |
All 4 known CVE vulnerabilities affecting TheGem with full Chinese analysis, references, and POCs where available.