What the vulnerability does
01Description
Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
What the vulnerability does
Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.
Explanation of Vulnerability in Simple Terms
TheGem Elementor theme versions before 5.8.1.1 contain an authorization flaw allowing authenticated users with low privileges to read and modify data they should not access. An attacker with a basic user account can view sensitive information and make unauthorized changes to site content or settings. Update to version 5.8.1.1 or later to patch this vulnerability.
What an attacker can do
Read and modify data belonging to other users or restricted site areas.
Potential impact on your site
Unauthorized users can access and alter sensitive content, user data, or site configuration.
Conditions required to exploit
Attacker must have a low-privilege user account on the site; no user interaction required.
Key dates
External resources