CVE-2026-57804
Received Received - Intake

BaseFortify

Vulnerability report for CVE-2026-57804, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor allows PHP Local File Inclusion.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.11.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
codexthemes thegem_elements to 5.11.1 (inc)
codexthemes thegem_elements_elementor From 5.0.0 (inc) to 5.11.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-98 The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The vulnerability in the WordPress TheGem Theme Elements (for Elementor) Plugin, versions 5.11.1 and below, is a Local File Inclusion (LFI) issue. It allows attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include or require statements.

This means an attacker can potentially access sensitive files on the server, such as configuration files or database credentials, if the website's configuration permits it.

The vulnerability is classified under the OWASP Top 10 category A3: Injection and requires contributor-level privileges to exploit.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive information by allowing attackers to include and view local files on the server.

Such exposure might include database credentials or other confidential data, which can be used for further attacks or compromise of the website.

Although the CVSS score is 7.5 indicating high severity, the attack requires contributor-level privileges and high attack complexity.

The vulnerability is often exploited in mass campaigns targeting many websites, increasing the risk for affected sites.

There is currently no official patch available, so immediate updating or seeking assistance from hosting providers or developers is advised.

Detection Guidance

This vulnerability involves Local File Inclusion (LFI) in the TheGem Theme Elements (for Elementor) plugin, which allows attackers to include and display local files from the target website.

To detect this vulnerability on your system, you can look for suspicious HTTP requests attempting to include local files via parameters in URLs or POST data related to the plugin.

Common detection methods include monitoring web server logs for requests containing file inclusion patterns such as "../../" or attempts to access sensitive files like "/etc/passwd" or configuration files.

Example commands to search for suspicious requests in Apache or Nginx logs:

  • grep -i 'thegem' /var/log/apache2/access.log | grep -E '\.\./|etc/passwd'
  • grep -i 'thegem' /var/log/nginx/access.log | grep -E '\.\./|etc/passwd'

Additionally, you can use vulnerability scanners or web application scanners that support detection of Local File Inclusion vulnerabilities targeting WordPress plugins.

Mitigation Strategies

Immediate mitigation steps include updating the TheGem Theme Elements (for Elementor) plugin to the latest version if an update is available.

Since there is no official patch available yet for this vulnerability, users are advised to either update the plugin immediately when a patch is released or seek assistance from their hosting provider or web developer to apply temporary mitigations.

Other recommended actions include restricting access to sensitive files on the server, implementing Web Application Firewall (WAF) rules to block suspicious requests, and limiting contributor-level privileges to trusted users only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57804. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart