CVE-2025-8047: 
WordPress vulnerability analysis and mitigation

CVE-2025-8047 affects multiple WordPress plugins (disable-right-click-powered-by-pixterme through v1.2 and pixter-image-digital-license through v1.0) that were discovered to be compromised through a supply chain attack. The vulnerability was discovered on July 23, 2025, and involves JavaScript files loaded from a compromised S3 bucket (WPScan).

The vulnerability stems from the plugins loading a compromised JavaScript file from an abandoned S3 bucket. The CVSS v3.1 base score is 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a critical severity level with network accessibility, low attack complexity, and no required privileges or user interaction (CISA-ADP).

The compromised JavaScript file can potentially be used as a backdoor by malicious actors who control the S3 bucket. Currently, the compromise manifests as displaying alert messages marketing security services, with users who pay being added to an allowedDomains list to suppress the popup (WPScan).

Currently, there are no known fixes available for either of the affected plugins. Users are advised to remove these plugins from their WordPress installations until patches are released (WPScan).