Wordfence's 2024 security report highlights a critical Arbitrary File Upload vulnerability in TheGem WordPress theme (v5.10.3 and below) that allows authenticated attackers to upload malicious files and achieve remote code execution. The vulnerability was discovered by researcher Foxyyy through the Bug Bounty Program and earned a $1,405 reward. A patch was released on May 7, 2025. Wordfence offers immediate firewall protection for premium users, with a rollout for free users on June 4, 2025. Wordfence urges users to update to version 5.10.3.1 to mitigate this risk.
82,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in TheGem WordPress Theme
