{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4317", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-05T13:58:46.175Z", "datePublished": "2025-05-13T06:40:55.865Z", "dateUpdated": "2026-04-08T17:25:37.340Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:37.340Z"}, "affected": [{"vendor": "CodexThemes", "product": "TheGem", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d379bc09-7788-4a29-b23f-7f42afe04fd4?source=cve"}, {"url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"url": "https://codex-themes.com/thegem/changelog.html"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-05-12T18:13:07.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T13:18:39.417777Z", "id": "CVE-2025-4317", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T13:18:47.152Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4317", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-13T13:18:39.417777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T13:18:43.775Z"}}], "cna": {"title": "TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "CodexThemes", "product": "TheGem", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.10.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-12T18:13:07.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d379bc09-7788-4a29-b23f-7f42afe04fd4?source=cve"}, {"url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"url": "https://codex-themes.com/thegem/changelog.html"}], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:25:37.340Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4317", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:25:37.340Z", "dateReserved": "2025-05-05T13:58:46.175Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-13T06:40:55.865Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El tema TheGem para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n thegem_get_logo_url() en todas las versiones hasta la 5.10.3 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-4317", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-13T07:15:52.327", "references": [{"source": "security@wordfence.com", "url": "https://codex-themes.com/thegem/changelog.html"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d379bc09-7788-4a29-b23f-7f42afe04fd4?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T20:51:05.540559+00:00", "value": {"mitigation_remediation": ["Upgrade TheGem theme to version 5.10.4 or later, which removes the vulnerable function.", "If upgrading immediately is not possible, limit or disable the logo upload functionality by removing the relevant shortcode or consulting the theme developer for a temporary patch.", "After applying a mitigation or patch, verify that no unauthorized files exist in the theme\u2019s upload directory and monitor the site for any unusual activity."], "summary": {"action": "Patch immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "WordPress sites that use CodexThemes TheGem theme version 5.10.3 or earlier are vulnerable. All installations of these theme releases remain at risk until upgraded or mitigated.", "description_and_impact": "TheGem WordPress theme has a missing file type validation in the thegem_get_logo_url() function that allows an authenticated user with Subscriber-level access or higher to upload any file to the server. This flaw can be used to place malicious scripts or binaries on the website, potentially enabling remote code execution and full compromise of the site. The core weakness is a file upload validation failure, mapped to CWE-434.", "risk_and_exploitability": "The CVSS score of 8.8 indicates high severity, while the EPSS score of 1% suggests a low-but-not-zero likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Attackers must first authenticate as a Subscriber or higher, which limits the attack surface but does not eliminate it. Successful exploitation could result in the execution of arbitrary code on the web server and full control of the WordPress installation."}}}}, "created": "2026-04-21T21:00:36.005761+00:00", "updated": "2026-04-21T21:00:36.005780+00:00", "vendors": []}