PT-2025-52742 · Codexthemes · Thegem Theme Elements
João Pedro S Alcântara
+1
·
Published
2025-12-23
·
Updated
2025-12-28
·
CVE-2025-68560
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
TheGem Theme Elements (for Elementor) versions through 5.10.5.1
Description
An issue exists in CodexThemes TheGem Theme Elements (for Elementor) related to improper control of filename for include/require statements, potentially leading to a PHP Remote File Inclusion. This allows for the inclusion of files from remote locations, which could lead to code execution.
Recommendations
Update TheGem Theme Elements (for Elementor) to a version later than 5.10.5.1.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thegem Theme Elements