WordPress Copypress Rest API plugin code execution vulnerability

WordPress Copypress Rest API plugin plugin is used to extend the functionality of WordPress plugin , by providing a RESTful interface to achieve data interaction . A code execution vulnerability exists in the WordPress Copypress Rest API plugin, which stems from the use of a hard-coded JWT signin...

Exploit for CVE-2025-8625

CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configura...

CVE-2025-8625

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...

CVE-2025-8625

The Copypress Rest API plugin for WordPress (versions 1.1–1.2) is vulnerable to Remote Code Execution due to a hard-coded JWT signing key when no secret is configured and lack of file-type validation, allowing unauthenticated attackers to forge tokens and upload arbitrary files (e.g., PHP shells)...

CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...

CVE-2025-8625 Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution

The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreaphandleimage Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachment...

WordPress Copypress Rest API plugin 1.1-1.2 - Unauthenticated Remote Code Execution vulnerability

Unauthenticated Remote Code Execution vulnerability discovered by kr0d in WordPress Plugin Copypress Rest API versions 1.1-1.2...

PT-2025-39945

Name of the Vulnerable Software and Affected Versions Copypress Rest API plugin for WordPress versions 1.1 through 1.2 Description The Copypress Rest API plugin for WordPress is susceptible to Remote Code Execution through the copyreap handle image function. The plugin utilizes a hard-coded JWT...