CVE-2025-62045
📋 TL;DR
This vulnerability allows remote attackers to include and execute arbitrary PHP files on servers running vulnerable versions of TheGem Theme Elements for WPBakery WordPress plugin. Attackers can achieve remote code execution by manipulating filename parameters in include/require statements. All WordPress sites using affected plugin versions are vulnerable.
💻 Affected Systems
- CodexThemes TheGem Theme Elements for WPBakery WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, malware deployment, defacement, and lateral movement within the network.
Likely Case
Remote code execution allowing attackers to create backdoors, steal sensitive data, and use the server for malicious activities.
If Mitigated
Limited impact if proper file permissions, web application firewalls, and input validation are in place.
🎯 Exploit Status
Remote file inclusion vulnerabilities are commonly exploited and weaponized quickly in the wild.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 5.10.5.1
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'TheGem Theme Elements for WPBakery'.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and remove the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the TheGem Theme Elements plugin until patched (applies to all platforms)
wp plugin deactivate thegem-elements
Web Application Firewall rule
Block requests containing suspicious include/require parameters (Linux)
ModSecurity rule: SecRule ARGS "@rx (include|require).*\.php" "id:1001,phase:2,deny,status:403"
🧯 If You Can't Patch
- Remove TheGem Theme Elements plugin completely from all WordPress installations
- Implement strict file permissions (644 for files, 755 for directories) and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → TheGem Theme Elements for WPBakery → Version number
Check Version:
wp plugin get thegem-elements --field=version
Verify Fix Applied:
Verify plugin version is greater than 5.10.5.1 and test with security scanning tools
📡 Detection & Monitoring
Log Indicators:
- Unusual POST/GET requests with include/require parameters
- PHP error logs showing file inclusion failures
- Access to unusual PHP files in plugin directories
Network Indicators:
- HTTP requests with suspicious parameters like ?file= or ?include=
- Unexpected outbound connections from web server
SIEM Query:
source="web_logs" AND (uri="*include*" OR uri="*require*" OR uri="*file=*" OR uri="*page=*") AND status=200
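The SIEM query above matches substrings anywhere in the URI, so it also fires on ordinary requests such as anything under /wp-includes/ or an admin URL with ?page=. The following added example (not part of the original page or of any vendor tooling) runs that query's logic next to a narrower check that matches parameter names and path-like values; the Combined Log Format layout, the path-like heuristic, and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the page's indicators and SIEM query.
SUSPECT_PARAMS = {"include", "require", "file", "page"}
# Assumption: a value is "path-like" if it has a path separator or ends in .php.
PATH_LIKE = re.compile(r"[/\\]|\.php$", re.IGNORECASE)
# Assumption: logs are in Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<uri>\S+)[^"]*" (?P<status>\d{3}) '
)

def naive_hits(lines):
    """The page's SIEM query as written: URI substring match, status 200."""
    needles = ("include", "require", "file=", "page=")
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["status"] == "200" and any(n in m["uri"] for n in needles):
            hits.append(m["uri"])
    return hits

def param_hits(lines):
    """Narrower: suspect parameter name whose decoded value looks like a file path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["status"] != "200":
            continue
        parts = urlsplit(m["uri"])
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name.lower() in SUSPECT_PARAMS and PATH_LIKE.search(value):
                hits.append((m["ip"], parts.path, name.lower(), value))
    return hits

# Constructed sample lines: documentation IP ranges, made-up paths and values.
TS = "[10/Oct/2025:13:55:36 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /wp-includes/js/example.js HTTP/1.1" 200 1234 "-" "-"',
    f'198.51.100.9 - - {TS} "GET /wp-admin/admin.php?page=example-settings HTTP/1.1" 200 512 "-" "-"',
    f'192.0.2.44 - - {TS} "GET /index.php?file=..%2F..%2Fexample.php HTTP/1.1" 200 87 "-" "-"',
    f'192.0.2.44 - - {TS} "GET /index.php?include=example.php HTTP/1.1" 403 0 "-" "-"',
]

if __name__ == "__main__":
    print("naive query hits:", len(naive_hits(SAMPLE)))  # includes benign requests
    for hit in param_hits(SAMPLE):
        print("review:", hit)
```

Access logs record only the query string, so parameters sent in POST bodies need WAF or application-level logging to be visible to either check.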