Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CodexThemes — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting CodexThemes. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CodexThemes develops WordPress themes and website templates for businesses and individuals. Historically, their products have frequently contained vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws, contributing to 19 recorded CVEs. Many issues stem from insufficient input validation and improper access controls in theme files. While no major public security incidents have been documented, the consistent pattern of vulnerabilities suggests ongoing challenges in secure development practices. Users should implement strict access controls and keep themes updated to mitigate risks associated with these recurring security weaknesses in their WordPress themes.

Top products by CodexThemes: TheGem (Elementor) TheGem Theme Elements (for Elementor) TheGem TheGem Theme Elements (for WPBakery) TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme TheGem Demo Import (for WPBakery)
CVE IDTitleCVSSSeverityPublished
CVE-2026-42410 WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for Elementor)CWE-79 6.5 Medium2026-04-27
CVE-2025-69357 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for Elementor)CWE-79 6.5 Medium2026-01-06
CVE-2025-69360 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.11.0 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for WPBakery)CWE-79 6.5 Medium2026-01-06
CVE-2025-69356 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.11.0 - Local File Inclusion vulnerability — TheGem Theme Elements (for Elementor)CWE-98 7.5 High2026-01-06
CVE-2023-32238 WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability — TheGem (Elementor) 5.4 Medium2025-12-29
CVE-2025-68559 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for Elementor)CWE-79 6.5 Medium2025-12-23
CVE-2025-68560 WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Local File Inclusion vulnerability — TheGem Theme Elements (for Elementor)CWE-98 7.5 High2025-12-23
CVE-2025-62046 WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability — TheGem Demo Import (for WPBakery)CWE-862 6.5 Medium2025-11-06
CVE-2025-62045 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Local File Inclusion vulnerability — TheGem Theme Elements (for WPBakery)CWE-98 8.1 High2025-11-06
CVE-2025-62041 WordPress TheGem (Elementor) theme <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability — TheGem (Elementor)CWE-79 7.1 High2025-11-06
CVE-2025-62044 WordPress TheGem Theme Elements (for WPBakery) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for WPBakery)CWE-79 6.5 Medium2025-11-06
CVE-2025-62011 WordPress TheGem theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability — TheGemCWE-79 6.5 Medium2025-11-06
CVE-2025-62012 WordPress TheGem (Elementor) theme <= 5.10.5 - Cross Site Scripting (XSS) vulnerability — TheGem (Elementor)CWE-79 6.5 Medium2025-11-06
CVE-2025-60097 WordPress TheGem Theme <= 5.10.5 - Broken Access Control Vulnerability — TheGemCWE-862 5.4 Medium2025-09-26
CVE-2025-60096 WordPress TheGem (Elementor) Theme <= 5.10.5 - Broken Access Control Vulnerability — TheGem (Elementor)CWE-862 5.4 Medium2025-09-26
CVE-2025-4339 TheGem <= 5.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Theme Options Update — TheGemCWE-862 4.3 Medium2025-05-13
CVE-2025-4317 TheGem <= 5.10.3 - Authenticated (Subscriber+) Arbitrary File Upload — TheGemCWE-434 8.8 High2025-05-13
CVE-2023-32237 Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes — TheGem (Elementor)CWE-79 5.4 Medium2024-03-26
CVE-2023-50892 WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS) — TheGem - Creative Multi-Purpose & WooCommerce WordPress ThemeCWE-79 7.1 High2023-12-29

This page lists every published CVE security advisory associated with CodexThemes. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.