CVE-2025-4317 | TheGem Plugin up to 5.10.3 on WordPress thegem_get_logo_url unrestricted upload

May 12, 2025 Yanac

A vulnerability was found in TheGem Plugin up to 5.10.3 on WordPress and classified as critical. Affected by this issue is the function thegem_get_logo_url. The manipulation leads to unrestricted upload.

This vulnerability is handled as CVE-2025-4317. The attack may be launched remotely. There is no exploit available.VulDB Recent EntriesRead More

CVE-2025-47658 | elextensions ELEX WordPress HelpDesk & Customer Ticketing System Plugin unrestricted upload
CVE-2025-4339 | TheGem Plugin up to 5.10.3 on WordPress ajaxApi authorization