JavaScript Backdoor Vulnerability in Pixterme Plugins for WordPress
CVE-2025-8047

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Disable-right-click-powered-by-pixterme; Pixter-image-digital-license
Vendor: CVE Published:; 14 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-8047?

The disable-right-click-powered-by-pixterme (v1.2) and pixter-image-digital-license (v1.0) WordPress plugins contain a significant vulnerability. These plugins inadvertently load a compromised JavaScript file sourced from an abandoned S3 bucket. This malicious file can serve as a backdoor, allowing unauthorized access to the affected systems. Currently, it displays an alert promoting security services, and users can be added to a list of allowed domains, thereby silencing the alert upon payment, raising serious concerns about user data safety and plugin integrity.

Affected Version(s)

disable-right-click-powered-by-pixterme 0 <= 1.2

pixter-image-digital-license 0 <= 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-8047 - Proof of Concept

References

https://wpscan.com/vulnerability/a0c70b98-a3f9-4d4c-a25f-...

exploitvdb-entrytechnical-description

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 14, 2025
👾
Exploit known to exist
Aug 14, 2025
Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jul 22, 2025

Credit

Mike Gozdiskowski

WPScan