CodexThemes TheGem Theme Improper Control of Filename Vulnerability in Elementor Integration

Vulnerability

A PHP remote file inclusion vulnerability has been identified in CodexThemes TheGem Theme Elements for Elementor, affecting versions up to and including 5.10.5.1. The vulnerability arises from improper control of the filename passed to PHP include or require statements, potentially allowing the inclusion of malicious files.

Impact

Exploitation of this vulnerability could lead to remote file inclusion, allowing attackers to include files from remote servers and execute them on the server where the vulnerable theme is active.

Added: Dec 23, 2025, 12:20 PM
Updated: Dec 23, 2025, 3:08 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 1.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.