cleantalk
Vulnerabilities and Security Researches

Image Comparison Addon for Elementor, CVE-2025-10896

CVE, Research URL

CVE-2025-10896

Home page URL

Security reports for Image Comparison Addon for Elementor

Application

Image Comparison Addon for Elementor

Published on
Nov 04, 2025
Research Description
Multiple plugins for WordPress with the Jewel Theme Recommended Plugins Library are vulnerable to Unrestricted Upload of File with Dangerous Type via arbitrary plugin installation in all versions up to, and including, 1.0.2.3. This is due to missing capability checks on the '*_recommended_upgrade_plugin' function which allows arbitrary plugin URLs to be installed. This makes it possible for authenticated attackers with subscriber-level access and above to upload arbitrary plugin packages to the affected site's server via a crafted plugin URL, which may make remote code execution possible.
Affected versions
max 1.0.2.2.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2025-9816) , Nov 10, 2025
WP Statistics , May 27, 2025
WP Statistics (CVE-2025-55716) , Aug 16, 2025
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-10579) , Nov 10, 2025
URLYar URL Shortner (CVE-2025-10133) , Nov 10, 2025
Dropify (CVE-2025-53286) , Nov 10, 2025
Woocommerce Category and Products Accordion Panel (CVE-2025-11722) , Nov 10, 2025
User Registration Aide (CVE-2025-53239) , Nov 10, 2025