Home

Description

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachments. As a result, unauthenticated attackers can forge a valid token to gain elevated privileges and upload an arbitrary file (e.g. a PHP script) through the image handler, leading to remote code execution.

PUBLISHED Reserved 2025-08-05 | Published 2025-09-30 | Updated 2025-09-30 | Assigner Wordfence




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status
unaffected

1.1
affected

Timeline

2025-09-29:Disclosed

Credits

Kenneth Dunn finder

References

www.wordfence.com/...-4095-48e5-8d9d-16a091e69d54?source=cve

wordpress.org/plugins/copypress-rest-api/

cve.org (CVE-2025-8625)

nvd.nist.gov (CVE-2025-8625)

Download JSON