cleantalk
Vulnerabilities and Security Researches

Image Comparison Addon for Elementor, CVE-2025-10896

CVE, Research URL

CVE-2025-10896

Home page URL

Security reports for Image Comparison Addon for Elementor

Application

Image Comparison Addon for Elementor

Published on
Nov 04, 2025
Research Description
Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authenticated attackers with subscriber-level access and above to upload arbitrary plugin packages to the affected site's server via a crafted plugin URL, which may make remote code execution possible.
Affected versions
max 1.0.2.2.
Status
vulnerable
Previous vulnerability researches
Post Grid for Elementor & Product Grid | PowerGrids (513b8cac04964f7c742c50353b32f41d519b21a5) , Jun 07, 2024
New vulnerability
Top Bar Notification (CVE-2025-12412) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7526) , Nov 10, 2025
WP Travel Engine – Best Travel Booking WordPress Plugin (CVE-2025-7634) , Nov 10, 2025
Podlove Web Player (CVE-2025-62908) , Nov 10, 2025
Simple Content Templates for Blog Posts & Pages (CVE-2025-62958) , Nov 10, 2025