Multiple Plugins from itayamar – Supply Chain Compromise | CVE 2025-8047

Description

The plugins load a JavaScript file which has been compromised from an apparent abandoned S3 bucket. It can be used as a backdoor by those who control it, but it currently displays an alert marketing security services. Users that pay are added to allowedDomains to suppress the popup.

Proof of Concept

curl -L https://pixter-loader-assets.s3.amazonaws.com/Loader/v3Loader.js

Affects Plugins

disable-right-click-powered-by-pixterme

No known fix

pixter-image-digital-license

No known fix

References

CVE

CVE-2025-8047

Miscellaneous

Original Researcher

Mike Gozdiskowski

Submitter

Mike Gozdiskowski

Verified

Yes

WPVDB ID

a0c70b98-a3f9-4d4c-a25f-81424230b1a5

Timeline

Publicly Published

2025-07-23 (about 4 months ago)

Added

2025-07-23 (about 4 months ago)

Last Updated

2025-07-23 (about 4 months ago)

Other

Published

Title

Published

2017-12-19

Title

Captcha 4.3.6–4.4.4 - Backdoored

Published

2019-03-29

Title

Pipdig Power Pack < 4.8.0 - Vendor Backdoors & Suspicious Code

Published

2017-12-28

Title

WP No External Links 4.2.1-4.2.2 - Backdoored

Published

2017-12-28

Title

Duplicate Page and Post 2.1.0-2.1.1 (current) - Backdoored

Published

2017-12-28

Title

No Follow All External Links 2.1.0-2.3.0 (current) - Backdoored