CVE-2025-8625

Name of the Vulnerable Software and Affected Versions Copypress Rest API plugin for WordPress versions 1.1 through 1.2

Description The Copypress Rest API plugin for WordPress is susceptible to Remote Code Execution through the copyreap handle image() function. The plugin utilizes a hard-coded JWT signing key when a secret is not defined and lacks restrictions on the types of files that can be fetched and saved as attachments. This allows unauthenticated attackers to forge a valid token, gain elevated privileges, and upload arbitrary files, such as PHP scripts, through the image handler, ultimately leading to remote code execution.

Recommendations Update Copypress Rest API plugin to a version newer than 1.2.