CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
What the vulnerability does
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for WPBakery) thegem-elements allows DOM-Based XSS.This issue affects TheGem Theme Elements (for WPBakery): from n/a through <= 5.11.0.
Explanation of Vulnerability in Simple Terms
TheGem Theme Elements for WPBakery contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. When a victim with sufficient permissions views the affected content, the injected script executes in their browser. This can lead to unauthorized actions, data theft, or account compromise. Update to a version newer than 5.11.0.
What an attacker can do
Inject malicious scripts that execute when other users view the affected content.
Potential impact on your site
Attackers with user accounts can compromise other users' sessions or steal sensitive data from your site.
Conditions required to exploit
Attacker needs a WordPress account with low-level permissions and the victim must view the page containing the injected script.
Key dates
External resources
Related vulnerabilities
