CNNVD-202509-4492 Information

CNNVD ID

CNNVD-202509-4492

Related CVE

CVE-2025-8625

• CNNVD Published: 2025-09-30

Description (Chinese)

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Copypress Rest API 1.1版本至1.2版本存在安全漏洞，该漏洞源于使用硬编码JWT签名密钥且未限制可获取和保存的文件类型，可能导致远程代码执行。

Description (English)

WordPress and WordPressplugin are products of WordPress. WordPress is a blog platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. There is a security loophole in versions 1.1 to 1.2 of WordPressPlugin Copypress Rest API, which results from the use of a hard-coded JWT signature key without limiting the type of file that can be accessed and saved, which may result in remote code execution.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

WordPress

Published

2025-09-30

Last Modified

2026-02-24

References

https://wordpress.org/plugins/copypress-rest-api/#developers https://www.wordfence.com/threat-intel/vulnerabilities/id/3045c9e5-4095-48e5-8d9d-16a091e69d54?source=cve