Platform: wordpress
Component: cf-image-resizing
Fixed in: 1.5.7
CVE-2025-8723 is a critical Remote Code Execution (RCE) vulnerability in the Cloudflare Image Resizing plugin for WordPress. The flaw, reachable through the plugin's hook_rest_pre_dispatch() callback, lets an unauthenticated attacker write attacker-controlled PHP code into the plugin's codebase, which amounts to complete control over the affected WordPress installation. Versions 1.0.0 through 1.5.6 are affected; the fix ships in version 1.5.7.
The impact is severe. Successful exploitation executes arbitrary PHP code on the server hosting the site, with the privileges of the web server user. From there an attacker can take over the site, exfiltrate data (user records, the database credentials stored in wp-config.php, proprietary content), deface pages and install malware. Because the payload is written into the plugin's codebase as PHP, it persists as a web shell: updating the plugin closes the entry point but does not remove files an attacker has already dropped, so a site that may have been exploited needs a file review, not just an update. No credentials are required, which makes the flaw exploitable by anyone who can reach the site over HTTP.
CVE-2025-8723 is public and carries a CRITICAL CVSS rating. No active exploitation campaign has been confirmed, but the exploit needs no authentication and the plugin is widely installed, so exploitation is likely; public proof-of-concept code, if it appears, will raise the risk further. The vulnerability was disclosed on 2025-08-19.
WordPress sites running the Cloudflare Image Resizing plugin at versions 1.0.0 through 1.5.6 are at risk. Sites where plugin updates are not applied promptly (for example, shared or managed hosting where the site owner does not control updates and automatic plugin updates are off) are especially exposed, as are sites that depend on the plugin for image delivery and therefore hesitate to disable it.
• wordpress / composer / npm: confirm the plugin and the affected callback are present
grep -rn 'hook_rest_pre_dispatch' /var/www/html/wp-content/plugins/cloudflare-image-resizing/
• wordpress / composer / npm: check the installed version
wp plugin list | grep 'cloudflare-image-resizing'
• wordpress / composer / npm: update to the fixed release
wp plugin update cloudflare-image-resizing --version=1.5.7
The plugin directory may be named cf-image-resizing (the component name listed above) rather than cloudflare-image-resizing; use whichever exists under wp-content/plugins/. The grep only shows that the callback is present, it does not tell patched code from vulnerable code; the installed version is the indicator.
Exploit status
EPSS
1.49% (percentile 81%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-8723 is to upgrade the Cloudflare Image Resizing plugin to version 1.5.7 or later immediately. If upgrading is not immediately feasible because of compatibility concerns, deactivate the plugin until it can be updated: WordPress does not load a deactivated plugin's code, so its hook callbacks cannot run. hook_rest_pre_dispatch() is a hook callback rather than a dedicated URL, so there is no single endpoint for a WAF to block; without the specific payload signature a generic rule offers limited protection and is no substitute for the update. After updating, review the plugin directory for PHP files that are not part of the 1.5.7 release, since exploitation writes code there and the update does not remove it. Regularly review installed plugins and ensure they come from trusted sources.
Update the Cloudflare Image Resizing plugin to version 1.5.7 or later to mitigate the remote code execution vulnerability. This release fixes the missing authentication and insufficient sanitization that let attackers inject arbitrary PHP code.
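The version check and the post-update file review above, as an added example (not code from this advisory page or from the plugin project). It reads the `Version:` header that WordPress itself uses for `wp plugin list`, tests it against the affected range 1.0.0 to 1.5.6, and lists PHP files written into the plugin directory after the plugin's main file, the place an attacker exploiting this flaw would leave code. The plugin directory name, the header layout of the sample plugin and the backdated timestamp are constructed for the demonstration; on a real install, point it at `wp-content/plugins/<plugin-slug>`.

```shell
#!/bin/sh
# Added example, not from the advisory or the plugin project.
# Checks an installed copy of the plugin against the CVE-2025-8723 affected
# range and looks for PHP files dropped into the plugin directory after the
# plugin's own main file. Sample data below is constructed.
set -e

FIXED_VERSION="1.5.7"
FIRST_AFFECTED="1.0.0"

# version_lt A B: succeed (0) when dotted-numeric version A is strictly lower
# than B, compared component by component; a missing component counts as 0,
# so "1.5" equals "1.5.0". Pre-release suffixes are not handled.
version_lt() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        a="${a#*.}";    b="${b#*.}"
        if [ -z "$ai" ]; then ai=0; fi
        if [ -z "$bi" ]; then bi=0; fi
        if [ "$ai" -lt "$bi" ]; then return 0; fi
        if [ "$ai" -gt "$bi" ]; then return 1; fi
    done
    return 1
}

# is_affected_version V: succeed when V is in the advisory's affected range,
# i.e. 1.0.0 <= V < 1.5.7.
is_affected_version() {
    if version_lt "$1" "$FIRST_AFFECTED"; then return 1; fi
    version_lt "$1" "$FIXED_VERSION"
}

# plugin_version DIR: print the "Version:" value from the plugin header of
# the first top-level PHP file that carries one (the header WordPress reads
# for `wp plugin list`). Fails when no header is found.
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$f" | head -n 1)
        if [ -n "$v" ]; then printf '%s\n' "$v"; return 0; fi
    done
    return 1
}

# newer_php_files DIR REF: print PHP files under DIR modified after REF (the
# plugin's main file). Anything listed that is not part of the installed
# release deserves a look: exploitation writes PHP here, and updating the
# plugin does not remove it.
newer_php_files() {
    find "$1" -type f -name '*.php' -newer "$2" | sort
}

# --- constructed sample: a fake install at the last affected version ---
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
PLUGIN_DIR="$SAMPLE_DIR/cf-image-resizing"   # slug as listed on the page (assumption)
mkdir -p "$PLUGIN_DIR/src"
cat > "$PLUGIN_DIR/cf-image-resizing.php" <<'EOF'
<?php
/**
 * Plugin Name: Cloudflare Image Resizing
 * Version: 1.5.6
 */
EOF
# Backdate the main file so a later write stands out.
touch -t 202501010000 "$PLUGIN_DIR/cf-image-resizing.php"
# Constructed stand-in for a file written after installation (not a payload).
printf '<?php /* constructed sample, not a real payload */\n' > "$PLUGIN_DIR/src/dropped.php"

INSTALLED=$(plugin_version "$PLUGIN_DIR")
if is_affected_version "$INSTALLED"; then
    echo "cf-image-resizing $INSTALLED: AFFECTED by CVE-2025-8723, update to $FIXED_VERSION"
else
    echo "cf-image-resizing $INSTALLED: not in the affected range"
fi
echo "PHP files newer than the main plugin file (review each one):"
newer_php_files "$PLUGIN_DIR" "$PLUGIN_DIR/cf-image-resizing.php"
```

The file-age check is a heuristic: a legitimate update rewrites the main file too, so run it against the main file of the release you actually installed, and compare anything it lists against a clean copy of that release rather than trusting the timestamp alone.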
CVE-2025-8723 is a critical Remote Code Execution vulnerability in the Cloudflare Image Resizing plugin for WordPress that lets unauthenticated attackers execute arbitrary PHP code.
You are affected if your WordPress site uses the Cloudflare Image Resizing plugin at any version from 1.0.0 through 1.5.6. Check your installed plugin versions immediately.
Upgrade the Cloudflare Image Resizing plugin to version 1.5.7 or later. If an immediate upgrade is not possible, deactivate the plugin until it can be updated.
No active exploitation campaign has been confirmed, but the severity of the flaw and the absence of any authentication requirement make exploitation likely.
Refer to the official security advisory for the plugin and the CVE record for CVE-2025-8723 for detailed information and updates.