PT-2025-44934 · WordPress · Jewel Theme Recommended Plugins

Youcef Hamdani · Published 2025-11-04 · Updated 2025-11-10 · CVE-2025-10896

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WordPress plugins with the Jewel Theme Recommended Plugins Library versions up to and including 1.0.2.3

Description

The software is susceptible to unrestricted file upload due to missing capability checks within the * recommended upgrade plugin function. This allows authenticated attackers with subscriber-level access or higher to upload arbitrary plugin packages to the server by using a crafted plugin URL, potentially leading to remote code execution.

Recommendations

Update to a version beyond 1.0.2.3.

Fix

RCE

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-10896

Affected Products

Jewel Theme Recommended Plugins