Attack Vectors
CVE-2025-60097 is a Medium severity (CVSS 4.3) missing authorization issue in the TheGem WordPress theme (slug: thegem) affecting versions up to and including 5.10.5. An attacker must be authenticated—even a subscriber-level account is sufficient—so common entry points include compromised low-privilege user accounts, shared credentials, or unnecessary user accounts that were never removed.
No user interaction is required (UI:N in the CVSS vector), so the only precondition is a logged-in account of any role. The risk is therefore higher in organizations that hand out subscriber accounts at scale: sites that allow public registration, run promotions requiring user accounts, or maintain large email lists with subscriber access to gated content.
Security Weakness
TheGem contains a function that is missing a required capability check in versions up to and including 5.10.5. In WordPress terms, the affected code path does not verify the caller's capability (a current_user_can() test or equivalent) before acting, so an authenticated user can trigger an action that their role should not permit. Wordfence's advisory indicates this can be exploited by users with subscriber access and above, but the specific unauthorized action is not described in the provided source.
Reference: CVE-2025-60097 and the source advisory from Wordfence. Remediation is to update TheGem to 5.10.5.1 or a newer patched version.
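To make the weakness concrete, the following is an added example written for this page, not code from TheGem or from Wordfence. It shows the generic WordPress pattern behind a "missing authorization" finding: an admin-ajax handler that any logged-in user can reach, first without and then with the capability check. All names (demo_theme_*, the option key, the 'manage_options' capability) are hypothetical; the advisory does not name the real TheGem function or action.

```php
<?php
/**
 * Added example (not TheGem's code). The action names, option key and
 * capability used here are assumptions chosen for illustration only.
 *
 * wp_ajax_{action} hooks fire for ANY authenticated user, subscriber
 * included (wp_ajax_nopriv_{action} would extend that to anonymous
 * visitors). Being logged in is therefore not an authorization decision;
 * the handler has to make one itself.
 */

// --- Vulnerable pattern ---------------------------------------------------
// Nothing here asks "is this user allowed to change a site-wide option?".
// A subscriber can POST action=demo_theme_save_option_v1&value=...
// to /wp-admin/admin-ajax.php and overwrite the option. Registered under a
// separate action name only so both variants can coexist in one file.
add_action( 'wp_ajax_demo_theme_save_option_v1', 'demo_theme_save_option_vulnerable' );
function demo_theme_save_option_vulnerable() {
    $value = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    update_option( 'demo_theme_setting', $value ); // no current_user_can(), no nonce
    wp_send_json_success( array( 'saved' => $value ) );
}

// --- Fixed pattern --------------------------------------------------------
add_action( 'wp_ajax_demo_theme_save_option', 'demo_theme_save_option_fixed' );
function demo_theme_save_option_fixed() {
    // 1. CSRF protection: the request must carry a nonce minted for this
    //    action. check_ajax_referer() terminates with -1 (HTTP 403) when the
    //    nonce is missing or invalid.
    check_ajax_referer( 'demo_theme_save_option', 'nonce' );

    // 2. Authorization (the check the advisory says is missing): tie the
    //    action to a capability held only by the intended roles. Subscribers
    //    do not have manage_options, so they are rejected here.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Validate and sanitize the input before persisting it.
    $value = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    update_option( 'demo_theme_setting', $value );
    wp_send_json_success( array( 'saved' => $value ) );
}

// The nonce the client must send is generated server-side when the settings
// page (or its script) is rendered, for example:
//   wp_localize_script( 'demo-theme-admin', 'demoTheme',
//       array( 'nonce' => wp_create_nonce( 'demo_theme_save_option' ) ) );
```

The order of the checks matters: the nonce check runs first so that an unauthenticated or cross-site request is rejected before any capability lookup, and the capability check runs before any state change. To verify a deployed fix, log in as a subscriber and POST the action to /wp-admin/admin-ajax.php; the expected result is an HTTP 403 (or the bare -1 that check_ajax_referer returns), never a success payload.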
Technical or Business Impacts
Even at Medium severity, missing authorization vulnerabilities can create meaningful business exposure because they bypass normal “who is allowed to do what” controls. If a subscriber-level account is abused, organizations may face content integrity risks (unauthorized changes), operational disruption from unexpected actions inside WordPress, and downstream brand impact if site content, landing pages, or customer-facing messaging is altered without approval.
From a leadership and compliance perspective, this can translate into: increased incident response costs, marketing campaign disruption (changed pages, broken tracking, altered CTAs), loss of trust with customers and partners, and potential audit findings if access control weaknesses are shown to be unaddressed. Priority actions should include upgrading TheGem to 5.10.5.1+, reviewing all subscriber accounts (remove or downgrade where possible), enforcing strong authentication practices, and checking logs for unusual activity originating from low-privilege users.
Similar attacks: access control weaknesses and compromised low-privilege accounts frequently play a role in broader incidents. Widely reported cases in which a single flaw in a broadly deployed product was exploited at scale include the MOVEit Transfer mass exploitation (CISA advisory), the Kaseya VSA ransomware incident (CISA advisory), and the Equifax data breach (FTC settlement information). Those incidents involved unauthenticated remote exploitation of much higher-severity flaws; they are cited as illustrations of scale, not as direct analogues of this subscriber-level issue.