The Copypress Rest API plugin for WordPress, specifically versions 1.1 and 1.2, contains a critical vulnerability identified as CVE-2025-8625. This vulnerability arises from the plugin's fallback to a hard-coded JWT signing key when no secret key is configured by the administrator. JWT tokens are used for authentication and authorization; thus, the use of a hard-coded key allows unauthenticated attackers to forge valid JWT tokens. The vulnerability is compounded by the copyreap_handle_image() function, which does not enforce adequate restrictions on the types of files that can be fetched and saved as attachments. Consequently, attackers can upload arbitrary files, including executable PHP scripts, by exploiting this function. This leads to remote code execution (RCE) on the server hosting the WordPress site. The vulnerability requires no authentication or user interaction, making it highly exploitable remotely over the network. The CVSS 3.1 base score of 9.8 reflects the vulnerability's critical impact on confidentiality, integrity, and availability. Although no patches have been released yet and no exploits are publicly known, the risk is significant due to the plugin's use in WordPress environments and the severity of the flaw.

Successful exploitation of CVE-2025-8625 allows attackers to gain elevated privileges on affected WordPress sites without any authentication. This can lead to full system compromise through remote code execution, enabling attackers to execute arbitrary commands, install malware, create backdoors, or pivot within the network. The confidentiality of sensitive data stored on the site or server can be breached, integrity of website content and configurations can be altered, and availability can be disrupted by destructive payloads or denial-of-service conditions. Given WordPress's widespread use globally, this vulnerability poses a significant risk to websites relying on the Copypress Rest API plugin, potentially impacting e-commerce, corporate, and governmental sites. The lack of authentication and user interaction requirements makes automated exploitation feasible, increasing the likelihood of widespread attacks once exploit code becomes available.

Until an official patch is released, organizations should immediately disable or uninstall the Copypress Rest API plugin versions 1.1 and 1.2 to eliminate exposure. If disabling the plugin is not feasible, restrict access to the WordPress REST API endpoints related to the plugin using web application firewalls (WAFs) or network access controls to block unauthenticated requests. Administrators should verify that no hard-coded JWT keys are in use and configure strong, unique secrets for JWT signing if the plugin supports it. Implement strict file upload validation and filtering at the web server or application level to prevent uploading executable files such as PHP scripts. Monitor logs for suspicious activity related to JWT token usage and file uploads. Employ intrusion detection systems (IDS) to detect anomalous behavior indicative of exploitation attempts. Finally, maintain regular backups of website data and configurations to enable recovery in case of compromise.