Arbitrary File Upload Vulnerability in TheGem Theme by WordPress
CVE-2025-4317
8.8HIGH
What is CVE-2025-4317?
TheGem theme for WordPress has a vulnerability that allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to inadequate file type validation in the thegem_get_logo_url() function. This loophole enables potential attackers to execute arbitrary code on the server, posing a significant security risk for websites utilizing this theme. To mitigate this risk, users are urged to apply the latest updates and implement strict file upload policies.
Affected Version(s)
TheGem * <= 5.10.3