Critical severity9.8NVD Advisory· Published Aug 19, 2025· Updated Apr 15, 2026

CVE-2025-8723

Description

The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary PHP into the codebase, achieving remote code execution.

Affected products

WordPress/Cf Image Resizingreferences
Package: https://wordpress.org/plugins/cf-image-resizing

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

plugins.trac.wordpress.org/changeset/3337593/nvd
plugins.trac.wordpress.org/changeset/3341917/nvd
wordpress.org/plugins/cf-image-resizing/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/0f3b3c1a-1d45-4e2f-854a-171fe759257bnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000