Cross-Site Scripting Vulnerability in TheGem Theme by CodexThemes
CVE-2025-62012

Currently unrated

Key Information:

Vendor

WordPress
Status
Thegem (elementor)
Vendor
CVE Published:
6 November 2025

What is CVE-2025-62012?

This vulnerability allows attackers to exploit improper input neutralization during web page generation within TheGem Theme by CodexThemes. Specifically, versions of TheGem (Elementor) up to and including 5.10.5 are affected, enabling malicious scripts to be injected into web pages viewed by users. Such exploitation can lead to unauthorized information disclosure and potential compromise of user accounts, making it critical for website administrators to address this issue.

Affected Version(s)

TheGem (Elementor) <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Theme/thege...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
JSON
.
CVE-2025-62012 : Cross-Site Scripting Vulnerability in TheGem Theme by CodexThemes