CVE-2023-32238 MEDIUM

CVE-2023-32238: WordPress TheGem theme < 5.8.1.1 - Broken Access Control vulnerability

Vendor Codexthemes
Product TheGem (Elementor)
Published December 29, 2025
Last update April 28, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery). This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1.

Explanation of Vulnerability in Simple Terms

02 Summary

TheGem Elementor theme versions before 5.8.1.1 contain an authorization flaw allowing authenticated users with low privileges to read and modify data they should not access. An attacker with a basic user account can view sensitive information and make unauthorized changes to site content or settings. Update to version 5.8.1.1 or later to patch this vulnerability.

What an attacker can do

03 Attacker Capabilities

Read and modify data belonging to other users or restricted site areas.

Potential impact on your site

04 Site Impact

Unauthorized users can access and alter sensitive content, user data, or site configuration.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege user account on the site; no user interaction required.

Key dates

06 Disclosure timeline

December 29, 2025 CVE published
April 28, 2026 Record updated