Thursday, May 15, 2025
Over 82,000 WordPress Sites at Risk from Critical Remote Code Execution Vulnerabilities

by Charline

The issues affect TheGem theme versions 5.10.3 and earlier. Experts found two connected vulnerabilities that, when combined, allow attackers to perform remote code execution. This could lead to complete site compromise.

According to a report by Wordfence, attackers can exploit these flaws to upload malicious PHP files to the site’s public uploads folder. They can then access these files to trigger remote code execution.

Details of the Vulnerabilities

Critical File Upload Vulnerability (CVE-2025-4317)

The first vulnerability, with a CVSS score of 8.8, involves arbitrary file uploads. The flaw lies in the thegem_get_logo_url() function, which fails to validate file types. This allows authenticated users with subscriber-level access to upload harmful files.

The vulnerable code downloads the file at the configured logo URL without checking its type, so attackers can place malicious PHP files on the server.

Theme Options Modification Vulnerability (CVE-2025-4339)

The second vulnerability has a CVSS score of 4.3. It arises from missing authorization checks in the ajaxApi() function. Though this function uses a nonce check, it does not verify user capabilities properly.

This flaw lets subscriber-level users change theme settings, including setting the logo URL to a malicious file.

Attack Chain Explained

Security researchers have outlined how attackers can combine these two vulnerabilities:

  • First, attackers use CVE-2025-4339 to change the logo URL setting to a malicious PHP file.
  • Next, when the website loads the logo, the thegem_get_logo_url() function downloads the malicious file without checking it.
  • Finally, attackers access the uploaded file and execute arbitrary code, potentially taking full control of the website.

Urgent Action Required

The vulnerabilities were reported to CodexThemes, the developers of TheGem. A patched version, 5.10.3.1, was released on May 7, 2025.

“We urge users to update their sites with the latest patched version of TheGem, version 5.10.3.1 at the time of this writing, as soon as possible,” warned the Wordfence security team.

Wordfence Premium users have been protected against these exploits since May 5, 2025. Free users will receive protection starting June 4, 2025.

Recommended Steps for Website Owners

Website administrators using TheGem theme should take the following steps immediately:

  • Update TheGem theme to version 5.10.3.1 or newer.
  • Implement a web application firewall (WAF) to block malicious traffic.
  • Review user roles and permissions to limit access.
  • Monitor server logs for any suspicious activity.
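The attack chain described above ends with a PHP file sitting in the public uploads folder being requested over the web, and the steps above ask administrators to monitor server logs. As an added example that is not part of this article, of Wordfence's advisory, or of TheGem's code, the Python below checks for both symptoms on a site you administer: PHP-like files present under wp-content/uploads (where only media should live) and access-log requests that execute PHP from that path. The log lines are constructed samples in Apache combined format, and the uploads tree in the demo is built in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# Extensions the web server may hand to the PHP interpreter (assumed list;
# extend it to match your own server configuration).
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}
UPLOADS_URI = "/wp-content/uploads/"

# Minimal parser for Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def find_php_in_uploads(uploads_dir):
    """Return relative paths of PHP-like files under the uploads directory.
    Legitimate uploads are media, so every hit deserves an analyst's look."""
    root = Path(uploads_dir)
    return sorted(
        str(p.relative_to(root)) for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() in PHP_EXTS
    )

def suspicious_upload_requests(log_lines):
    """Flag requests that run a PHP-like file from the public uploads path.
    Returns (ip, path, status) tuples; a 200 means the file was served/executed."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # skip lines that are not access-log entries
        path = m.group("path").split("?", 1)[0]   # drop the query string
        if path.startswith(UPLOADS_URI) and Path(path).suffix.lower() in PHP_EXTS:
            hits.append((m.group("ip"), path, int(m.group("status"))))
    return hits

# Constructed sample log lines (not real traffic): a normal image request,
# then a request for a PHP file that should never exist in the uploads folder.
SAMPLE_LOG = [
    '203.0.113.5 - - [15/May/2025:10:01:02 +0000] "GET /wp-content/uploads/2025/05/logo.png HTTP/1.1" 200 8123',
    '203.0.113.5 - - [15/May/2025:10:01:09 +0000] "GET /wp-content/uploads/2025/05/logo.php?x=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed uploads tree: one image and one PHP file that should not be there.
        Path(tmp, "2025/05").mkdir(parents=True)
        Path(tmp, "2025/05/logo.png").write_bytes(b"\x89PNG")
        Path(tmp, "2025/05/logo.php").write_text("placeholder")
        print("PHP files in uploads:", find_php_in_uploads(tmp))
    print("Requests executing PHP from uploads:", suspicious_upload_requests(SAMPLE_LOG))
```

Point find_php_in_uploads at the real wp-content/uploads directory and feed suspicious_upload_requests the web server's access log; any hit after the patch date is a reason to check whether the site was already compromised before updating.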

Wider Impact and Security Reminder

WordPress powers about 43% of all websites globally. Vulnerabilities in popular themes like TheGem pose serious security risks and can have far-reaching effects.

This incident highlights the need for regular software updates, careful user permission management, and strong security measures such as web application firewalls.
