CVE-2025-8723
BaseFortify
Publication date: 2025-08-19
Last updated on: 2025-08-19
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mecanik | cloudflare_image_resizing | 1.5.6 |
| mecanik | cloudflare_image_resizing | 1.5.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Cloudflare Image Resizing plugin for WordPress has a vulnerability that allows unauthenticated attackers to execute arbitrary PHP code remotely. This happens because the plugin's hook_rest_pre_dispatch() method lacks proper authentication and sanitization, enabling attackers to inject malicious PHP code into the plugin's codebase and achieve remote code execution.
How can this vulnerability impact me?
This vulnerability can have severe impacts including full compromise of the affected WordPress site. An attacker can run arbitrary PHP code remotely without authentication, potentially leading to data theft, site defacement, malware installation, or complete control over the server hosting the site. The CVSS score of 9.8 indicates a critical severity with high impact on confidentiality, integrity, and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can focus on identifying whether the vulnerable plugin version (up to and including 1.5.6) is installed on your WordPress site. Since the vulnerability allows unauthenticated remote code execution via the hook_rest_pre_dispatch() method, monitoring for unusual REST API requests or unexpected PHP code execution related to this plugin could help. Specific commands are not provided in the resources, but checking the plugin version via the WordPress dashboard or by inspecting the plugin files (e.g., via the command line: `grep -r 'Version: 1.5.6' wp-content/plugins/cf-image-resizing/`) can confirm whether the vulnerable version is present. [2]
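The grep above matches only the literal string 1.5.6, so older releases in the affected range would be missed. The following added check (example code, not from the BaseFortify page or the plugin author) reads the plugin's Version header and compares it with version-aware ordering so that any release at or below 1.5.6 is flagged; it assumes the plugin directory wp-content/plugins/cf-image-resizing/ named above and a standard WordPress plugin header line.

```shell
#!/bin/sh
# Added example, not code from the BaseFortify page or from the plugin author.
# Reads the WordPress "Version:" header of the Cloudflare Image Resizing plugin and
# reports whether the installed release is at or below 1.5.6 (the affected range named
# in the detection answer). Assumed: plugin directory wp-content/plugins/cf-image-resizing
# and a standard plugin header line; the page does not confirm either.

AFFECTED_MAX="1.5.6"

# Print the value of the first "Version:" header line found under the plugin directory.
plugin_version() {
    grep -rh -m1 -E '^[[:space:]]*\*?[[:space:]]*Version:' "$1" 2>/dev/null \
        | head -n 1 \
        | sed -E 's/.*Version:[[:space:]]*//; s/[[:space:]]*$//'
}

# Classify a version string: prints vulnerable (<= AFFECTED_MAX), patched, or unknown.
# sort -V gives version-aware ordering, so 1.4.9 is flagged and 1.5.10 is not,
# which a literal grep for "1.5.6" cannot do.
classify_version() {
    v="$1"
    if [ -z "$v" ]; then
        echo "unknown"
        return 0
    fi
    lowest=$(printf '%s\n%s\n' "$v" "$AFFECTED_MAX" | sort -V | head -n 1)
    if [ "$lowest" = "$v" ]; then echo "vulnerable"; else echo "patched"; fi
}

# Check one WordPress root: prints "absent", "unknown", or "<verdict> <version>".
check_wp_root() {
    dir="$1/wp-content/plugins/cf-image-resizing"
    if [ ! -d "$dir" ]; then
        echo "absent"
        return 0
    fi
    v=$(plugin_version "$dir")
    verdict=$(classify_version "$v")
    echo "$verdict${v:+ $v}"
}

# Usage: sh check-cf-image-resizing.sh /var/www/html
if [ $# -gt 0 ]; then
    check_wp_root "$1"
fi
```

Run it against each WordPress document root; a "vulnerable" verdict means the site should be updated as described in the mitigation answer, and "unknown" means the header could not be read and the version should be confirmed from the dashboard.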
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Cloudflare Image Resizing plugin to version 1.5.7 or later, as this version patches CVE-2025-8723 by implementing additional hardening measures and enhanced input validation. Additionally, ensure that your WordPress installation and other plugins are up to date, and consider monitoring and restricting REST API access if possible until the update is applied. [2]