PatchSiren cyber security CVE debrief
CVE-2026-57804 CodexThemes CVE debrief
CVE-2026-57804 is a PHP Local File Inclusion vulnerability in TheGem Theme Elements (for Elementor) due to improper control of filename for include/require statements. This issue affects TheGem Theme Elements (for Elementor) from n/a through <= 5.11.1 with a CVSS score of 7.5. The vulnerability allows attackers to include local files, potentially leading to code execution. Users of TheGem Theme Elements (for Elementor) version 5.11.1 or earlier should apply updates to mitigate this HIGH severity vulnerability.
- Vendor
- CodexThemes
- Product
- TheGem Theme Elements (for Elementor)
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of TheGem Theme Elements (for Elementor) version 5.11.1 or earlier should apply updates to mitigate this HIGH severity vulnerability. Operators, administrators, and security teams responsible for TheGem Theme Elements (for Elementor) deployments should review and apply patches. Vulnerability management and security teams should prioritize this update.
Technical summary
CVE-2026-57804 is a PHP Local File Inclusion vulnerability in TheGem Theme Elements (for Elementor) due to improper control of filename for include/require statements. This issue affects TheGem Theme Elements (for Elementor) from n/a through <= 5.11.1 with a CVSS score of 7.5. The vulnerability allows attackers to include local files, potentially leading to code execution. TheGem Theme Elements (for Elementor) version 5.11.1 or earlier is affected.
Defensive priority
Apply updates for TheGem Theme Elements (for Elementor) to prevent local file inclusion attacks. Prioritize vulnerability management and security teams to review and apply patches.
Recommended defensive actions
- Apply updates for TheGem Theme Elements (for Elementor) to version 5.11.2 or later.
- Inventory and verify installed versions of TheGem Theme Elements (for Elementor).
- Monitor for unusual file access patterns.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
Patchstack reported this vulnerability. Official CVE and NVD records provide additional context. TheGem Theme Elements (for Elementor) version 5.11.1 or earlier is affected. Users should verify installed versions and apply updates. Defensive verification tasks include reviewing official advisories and tracking exceptions.
Official resources
-
CVE-2026-57804 CVE record
CVE.org
-
CVE-2026-57804 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:44.687Z and has not been modified since then.