On May 4th, 2025, we received a submission for an Arbitrary File Upload vulnerability in TheGem, a WordPress theme with more than 82,000 sales. This vulnerability can be used by authenticated attackers, with subscriber-level access and above, to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for a complete site takeover.
The post 82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme appeared first on Wordfence.
This article has been indexed from Blog – Wordfence