What the vulnerability does
01 Description
The Copypress Rest API plugin for WordPress is vulnerable to remote code execution via the copyreap_handle_image() function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched and saved as attachments. As a result, unauthenticated attackers can forge a valid token to gain elevated privileges and upload an arbitrary file (e.g. a PHP script) through the image handler, leading to remote code execution.
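The two defensive checks the description implies, as an added example in plain PHP (not the plugin's code): refusing to verify tokens when no secret is configured, and choosing the stored file's type from its bytes against an allow-list. The setting name EXAMPLE_JWT_SECRET and both function names are hypothetical.

```php
<?php
// Added example; names are hypothetical and this is not the plugin's code.

// Allow-list: detected MIME type => extension the server will assign.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Fail closed: with no configured secret, no token is verified at all,
// instead of falling back to a key that ships in the source code.
function load_jwt_secret(): string
{
    $secret = getenv('EXAMPLE_JWT_SECRET'); // hypothetical setting name
    if ($secret === false || strlen($secret) < 32) {
        throw new RuntimeException('JWT secret not configured; refusing to verify tokens');
    }
    return $secret;
}

// Derive the stored name from the fetched bytes, never from the URL or a supplied filename.
function safe_attachment_name(string $bytes): string
{
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if (!isset(ALLOWED_IMAGE_TYPES[$mime]) || @getimagesizefromstring($bytes) === false) {
        throw new InvalidArgumentException("rejected content type: $mime");
    }
    // Server-chosen name and extension, so nothing is ever saved with a .php suffix.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$mime];
}

// Constructed samples: a PNG signature plus IHDR header, and a PHP script.
$samples = [
    'png header' => "\x89PNG\r\n\x1a\n" . pack('N', 13) . 'IHDR' . pack('NN', 1, 1) . "\x08\x06\x00\x00\x00",
    'php script' => "<?php echo 'constructed sample'; ?>",
];
foreach ($samples as $label => $bytes) {
    try {
        echo "$label: stored as ", safe_attachment_name($bytes), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$label: ", $e->getMessage(), "\n";
    }
}
try {
    load_jwt_secret();
    echo "secret: configured\n";
} catch (RuntimeException $e) {
    echo 'secret: ', $e->getMessage(), "\n";
}
```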
Explanation of Vulnerability in Simple Terms
02 Summary
Copypress Rest API versions 1.1 through 1.2 use a hard-coded cryptographic key (CWE-321). An attacker with network access can exploit this flaw without authentication to read sensitive data, modify site content, or disrupt service. The vulnerability affects the API's cryptographic operations and requires no user interaction.
What an attacker can do
03 Attacker Capabilities
Read sensitive data, modify content, or disrupt service without authentication.
Potential impact on your site
04 Site Impact
Attackers can access, modify, or delete data and functionality through the REST API without logging in.
Conditions required to exploit
05 Prerequisites
Network access to the vulnerable API endpoint; no authentication required.
Key dates
06 Disclosure timeline
September 30, 2025: CVE published
September 30, 2025: Record updated