CVE-2025-8047

Summary

The disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license thtough v1.0 WordPress plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert marketing security services. Users that pay are added to allowedDomains to suppress the popup.

Affected Software

VendorProductVersion RangeStatus
Unknowndisable-right-click-powered-by-pixterme0 <= 1.2affected
Unknownpixter-image-digital-license0 <= 1.0affected

Weaknesses

  • CWE-829 Inclusion of Functionality from Untrusted Control Sphere

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References