PT-2025-33146 · WordPress · Disable-Right-Click-Powered-By-Pixterme+1
Mike Gozdiskowski
·
Published
2025-08-14
·
Updated
2025-08-16
·
CVE-2025-8047
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Disable-right-click-powered-by-pixterme versions through 1.2
pixter-image-digital-license versions through 1.0
Description:
The Disable-Right-Click and Pixter Image Digital License WordPress plugins load a compromised JavaScript file from an abandoned S3 bucket. This allows unauthorized access and potential control of the plugin by the entity controlling the compromised bucket. Currently, the compromised file displays an alert marketing security services, with users who pay being added to allowedDomains to suppress the popup.
Recommendations:
Disable-right-click-powered-by-pixterme versions prior to 1.2 should be updated.
pixter-image-digital-license versions prior to 1.0 should be updated.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Disable-Right-Click-Powered-By-Pixterme
Pixter-Image-Digital-License