Hello, I just bought TheGem theme and my WP Scan mentions it has a severe vulnerability issue. After checking, I found that:
The TheGem theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the thegem_get_logo_url() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Can you please let me know what this entails?
Hi, thank you for your purchase. This has already been fixed in previous versions; may I ask how you got the older version of TheGem? If you download TheGem from your download section, you always get the latest version, and the current latest version is 5.11.0.
Please note that if you comment on your ticket before we reply, your ticket will be pushed down the ticket list.
Regards, Oliver
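A quick way to settle the question in this thread (is the installed copy inside the affected range the advisory quotes, "all versions up to, and including, 5.10.3", or is it at the 5.11.0 the reply says is current?) is to read the `Version:` header from the theme's `style.css` and compare it. The script below is an added example, not code from the ticket, from TheGem or from WPScan. It assumes the theme lives at `wp-content/themes/thegem/style.css` (the folder name is an assumption; adjust it to your install), that version strings are purely numeric dotted values like `5.10.3`, and it uses only POSIX sh so it runs on a typical hosting shell.

```shell
#!/bin/sh
# Added example (not part of the ticket): report whether an installed
# TheGem theme is inside the affected range from the quoted advisory
# (<= 5.10.3). It only compares version numbers; it does not test the
# upload behaviour itself.

AFFECTED_MAX="5.10.3"

# Print the "Version:" header value from a WordPress theme's style.css.
# $1 = path to style.css
thegem_version() {
    sed -n 's/^[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 if dotted version $1 <= $2, else 1. Compares component by
# component; missing trailing components count as 0 (5.10 == 5.10.0).
# Assumes purely numeric components (no "-beta" suffixes).
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; bx=${b%%.*}
        if [ "$a" = "$ax" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$bx" ]; then b=; else b=${b#*.}; fi
        ax=${ax:-0}; bx=${bx:-0}
        [ "$ax" -lt "$bx" ] && return 0
        [ "$ax" -gt "$bx" ] && return 1
    done
    return 0
}

# Exit status: 0 = inside affected range, 1 = outside it, 2 = no version found.
# $1 = path to the theme's style.css
check_thegem() {
    v=$(thegem_version "$1")
    if [ -z "$v" ]; then
        echo "no Version: header found in $1"
        return 2
    fi
    if version_le "$v" "$AFFECTED_MAX"; then
        echo "TheGem $v: inside affected range (<= $AFFECTED_MAX), update the theme"
        return 0
    fi
    echo "TheGem $v: outside affected range (> $AFFECTED_MAX)"
    return 1
}

# Demo on two constructed style.css headers (not files from any real site).
# On a live install you would instead run:
#   check_thegem /path/to/wp-content/themes/thegem/style.css
demo() {
    tmp=$(mktemp -d)
    printf '/*\nTheme Name: TheGem\nVersion: 5.10.3\n*/\n' > "$tmp/old.css"
    printf '/*\nTheme Name: TheGem\nVersion: 5.11.0\n*/\n' > "$tmp/new.css"
    check_thegem "$tmp/old.css" || true
    check_thegem "$tmp/new.css" || true
    rm -rf "$tmp"
}
demo
```

The version check is the cheap half of the answer. Scanners such as WPScan also read this header, so a stale copy on disk (for example an older theme folder left next to the active one) will keep tripping the finding until it is removed or updated, regardless of which theme is active.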