CVE-2025-10896

🗓️ 04 Nov 2025 04:27:13Reported by WordfenceType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 9 Views

CVE-2025-10896 allows subscribers to upload arbitrary plugins via missing checks in Jewel Theme Library, risking remote code execution.

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2025-10896	4 Nov 202507:42	–	circl
CNNVD	WordPress plugin多款产品安全漏洞	4 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-10896 Multiple Plugins <= Multiple Versions - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload	4 Nov 202504:27	–	cvelist
EUVD	EUVD-2025-37604	4 Nov 202504:27	–	euvd
NVD	CVE-2025-10896	4 Nov 202505:15	–	nvd
Patchstack	WordPress Master Blocks plugin <= 1.4.1.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Upload vulnerability	4 Nov 202512:39	–	patchstack
Patchstack	WordPress Image Hover Effects for Elementor plugin <= 1.0.2.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Upload vulnerability	4 Nov 202512:38	–	patchstack
Patchstack	WordPress Image Comparison Addon for Elementor plugin <= 1.0.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Upload vulnerability	4 Nov 202512:36	–	patchstack
Patchstack	WordPress Content Locker for Elementor plugin <= 1.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Upload vulnerability	4 Nov 202508:35	–	patchstack
Positive Technologies	PT-2025-44934	4 Nov 202500:00	–	ptsecurity

Vulners

Node

litonice13 image_comparison_addon_for_elementorRange≤1.0.2.2wordpress

litonice13 image_hover_effects_for_elementorRange≤1.0.2.3wordpress

litonice13 content_locker_for_elementorRange≤1.0.3wordpress

litonice13 master_blocks_ultimate_gutenberg_blocks_for_marketersRange≤1.4.1.3wordpress

[
  {
    "vendor": "litonice13",
    "product": "Image Comparison Addon for Elementor",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.2.2",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "litonice13",
    "product": "Image Hover Effects for Elementor",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.2.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "litonice13",
    "product": "Content Locker for Elementor",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.0.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "litonice13",
    "product": "Master Blocks – Ultimate Gutenberg Blocks for Marketers",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "1.4.1.3",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/image-hover-effects-elementor-addon/tags/1.0.2.3/Libs/Recommended.php
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/image-hover-effects-elementor-addon/tags/1.0.2.3/Libs/Recommended.php
plugins	www.plugins.trac.wordpress.org/changeset
plugins	www.plugins.trac.wordpress.org/browser/image-hover-effects-elementor-addon/tags/1.0.2.3/Libs/Assets.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/0ff3a292-3924-4823-867a-fedb2c1cdd00

15 Apr 2026 00:35Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.18.8

EPSS0.00517

SSVC

CWE-862