{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4339", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-05T16:17:26.462Z", "datePublished": "2025-05-13T06:40:56.275Z", "dateUpdated": "2026-04-08T17:32:36.442Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:36.442Z"}, "affected": [{"vendor": "CodexThemes", "product": "TheGem", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.10.3", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options."}], "title": "TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2358979-25b9-4c52-88dc-25390be6bd22?source=cve"}, {"url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"url": "https://codex-themes.com/thegem/changelog.html"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-05-12T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-13T18:58:55.453253Z", "id": "CVE-2025-4339", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T18:59:13.686Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4339", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-13T18:58:55.453253Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-13T18:59:03.825Z"}}], "cna": {"title": "TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "CodexThemes", "product": "TheGem", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.10.3"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-12T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2358979-25b9-4c52-88dc-25390be6bd22?source=cve"}, {"url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"url": "https://codex-themes.com/thegem/changelog.html"}], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:32:36.442Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4339", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:32:36.442Z", "dateReserved": "2025-05-05T16:17:26.462Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-05-13T06:40:56.275Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options."}, {"lang": "es", "value": "El tema TheGem para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n ajaxApi() en todas las versiones hasta la 5.10.3 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, actualicen opciones arbitrarias del tema."}], "id": "CVE-2025-4339", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-05-13T07:15:52.483", "references": [{"source": "security@wordfence.com", "url": "https://codex-themes.com/thegem/changelog.html"}, {"source": "security@wordfence.com", "url": "https://themeforest.net/item/thegem-creative-multipurpose-highperformance-wordpress-theme/16061685"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2358979-25b9-4c52-88dc-25390be6bd22?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T22:51:02.990694+00:00", "value": {"mitigation_remediation": ["Update the TheGem theme to a patch\u2011level version 5.10.4 or newer to eliminate the missing capability check.", "If an immediate upgrade is not feasible, modify role capabilities so that Subscriber-level accounts lack the \"edit_theme_options\" capability, thereby preventing access to the AJAX endpoint that updates theme options.", "Continuously audit the theme options page for unauthorized modifications and implement monitoring or logging to detect any unexpected changes to the theme configuration."], "summary": {"action": "Update Theme", "impact": "Unauthorized modification of theme settings"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all CodexThemes:TheGem WordPress theme releases up to and including version 5.10.3. Any site utilizing these theme versions is susceptible; newer releases are not affected as they contain the missing authorization check fix.", "description_and_impact": "TheGem theme for WordPress contains a missing capability check in its ajaxApi function, which allows authenticated users with Subscriber level or higher to update arbitrary theme options. This flaw, classified as a Missing Authorization weakness, can alter site appearance or redirect users without the site owner's consent, compromising the integrity of the theme configuration.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation. Because the flaw requires a valid authenticated account at the Subscriber level or higher and operates via an AJAX endpoint, the attack vector is restricted to inbound authenticated web requests. The vulnerability is not listed in the CISA KEV catalog, further indicating it may not be a high\u2011profile threat at present."}}}}, "created": "2026-04-20T23:00:14.146601+00:00", "updated": "2026-04-20T23:00:14.146612+00:00", "vendors": []}