Local File Inclusion Vulnerability in TheGem Theme Elements for Elementor by CodexThemes
CVE-2026-57804
7.5HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 13 July 2026
What is CVE-2026-57804?
TheGem Theme Elements for Elementor has a vulnerability that allows attackers to execute malicious scripts via improper control of filenames in include or require statements. This issue enables PHP local file inclusion, posing significant risks to website integrity and security. Users of TheGem Theme Elements versions up to 5.11.1 are urged to apply the necessary patches to mitigate potential attacks.
Affected Version(s)
TheGem Theme Elements (for Elementor) 0 <= 5.11.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program