CVE-2025-62041: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability was discovered in CodexThemes TheGem (Elementor) WordPress theme, identified as CVE-2025-62041. The vulnerability was reported on October 12, 2025, affecting versions through 5.10.5.1 of TheGem (Elementor) theme. The issue was classified as an Improper Neutralization of Input During Web Page Generation vulnerability (Patchstack).

The vulnerability has been assigned a CVSS 3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. It is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability requires no authentication to exploit, making it particularly concerning (NVD, Patchstack).

This vulnerability could allow malicious actors to inject malicious scripts, including redirects, advertisements, and other HTML payloads into the affected website. These injected scripts would be executed when visitors access the site, potentially compromising user security and website integrity (Patchstack).

Users are advised to update to TheGem (Elementor) version 5.10.5.2 or later to resolve the vulnerability. Patchstack has issued a mitigation rule to block any attacks until users can update to the fixed version (Patchstack).