Local File Inclusion Vulnerability in TheGem Theme Elements for Elementor by CodexThemes
CVE-2026-57804

7.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
13 July 2026

What is CVE-2026-57804?

TheGem Theme Elements for Elementor has a vulnerability that allows attackers to execute malicious scripts via improper control of filenames in include or require statements. This issue enables PHP local file inclusion, posing significant risks to website integrity and security. Users of TheGem Theme Elements versions up to 5.11.1 are urged to apply the necessary patches to mitigate potential attacks.

Affected Version(s)

TheGem Theme Elements (for Elementor) 0 <= 5.11.1

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
.