VYPR

Copypress REST API

by WordPress

Source repositories

CVEs (1)

  • CVE-2025-8625CriSep 30, 2025
    risk 0.64cvss 9.8epss 0.01

    The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded JWT signing key when no secret is defined and does not restrict which file types can be fetched…