WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-50892

7.1HIGH

Key Information:

Vendor: Wordpress
Status: TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme
Vendor: CVE Published:; 29 December 2023

What is CVE-2023-50892?

An input validation vulnerability exists in the TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme, allowing for reflected cross-site scripting attacks. This vulnerability can be exploited during web page generation, potentially leading to unauthorized data access or manipulation for users of the affected versions. It is crucial for users to apply necessary patches and maintain updated versions to protect against such threats.

Affected Version(s)

TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme <= 5.9.1

References

https://patchstack.com/database/vulnerability/thegem/word...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 29, 2023
Vulnerability Reserved
Dec 15, 2023

Credit

Rafie Muhammad (Patchstack)