What the vulnerability does
Description
Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer. This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Explanation of Vulnerability in Simple Terms
TheGem Demo Import plugin for WPBakery does not properly check user permissions before allowing certain actions. A logged-in user with low privileges can trigger a denial-of-service condition that makes the site unavailable. The vulnerability affects versions up to 5.10.5.
What an attacker can do
Make the site unavailable or unresponsive by triggering resource exhaustion.
Potential impact on your site
Site downtime or performance degradation if a low-privilege user account is compromised or misused.
Conditions required to exploit
Attacker must have a low-privilege user account (e.g., subscriber or contributor role).