CVE-2025-62046 MEDIUM

CVE-2025-62046: WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability

Vendor Codexthemes
Product TheGem Demo Import (for WPBakery)
Weakness CWE-862 · Missing authorization
Published November 6, 2025
Last update April 28, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Missing Authorization vulnerability in CodexThemes TheGem Demo Import (for WPBakery) thegem-importer. This issue affects TheGem Demo Import (for WPBakery): from n/a through <= 5.10.5.

Explanation of Vulnerability in Simple Terms

02 Summary

TheGem Demo Import plugin for WPBakery does not properly check user permissions before allowing certain actions. A logged-in user with low privileges can trigger a denial-of-service condition that makes the site unavailable. The vulnerability affects versions up to 5.10.5.

What an attacker can do

03 Attacker Capabilities

Make the site unavailable or unresponsive by triggering resource exhaustion.

Potential impact on your site

04 Site Impact

Site downtime or performance degradation if a low-privilege user account is compromised or misused.

Conditions required to exploit

05 Prerequisites

Attacker must have a low-privilege user account (e.g., subscriber or contributor role).

Key dates

06 Disclosure timeline

November 6, 2025 CVE published
April 28, 2026 Record updated
