Platform
wordpress
Component
add-custom-codes
Fixed in
4.80.1
CVE-2025-30975 identifies a Code Injection vulnerability within the SaifuMak Add Custom Codes WordPress plugin. This flaw allows attackers to inject arbitrary code, potentially gaining control over the affected WordPress site and its underlying server. The vulnerability impacts versions from 0.0.0 through 4.80, and a fix is available in version 5.0.
The Code Injection vulnerability in SaifuMak Add Custom Codes poses a significant risk. An attacker could leverage this flaw to execute arbitrary PHP code on the server hosting the WordPress site. This could lead to a complete compromise of the site, including data theft, modification, or deletion. Furthermore, an attacker could potentially use the compromised site as a launchpad for attacks against other systems on the same network, expanding the blast radius. The ability to inject code provides a high degree of control, making this a particularly dangerous vulnerability.
CVE-2025-30975 was published on 2025-08-20. As of this date, there are no publicly known proof-of-concept exploits. The EPSS score is pending evaluation, but the Code Injection nature of the vulnerability suggests a potentially high probability of exploitation if a suitable exploit is developed and made public. Monitor security advisories and threat intelligence feeds for updates.
WordPress sites utilizing the SaifuMak Add Custom Codes plugin, particularly those running older, unpatched versions (0.0.0–4.80), are at risk. Shared hosting environments where multiple websites share the same server are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
grep -r "add_custom_codes" /var/www/html/
• wordpress / composer / npm:
wp plugin list | grep add-custom-codes
• wordpress / composer / npm:
wp plugin update add-custom-codes
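The version check behind the commands above, written out as an added example (not code from the advisory or the plugin vendor): it reads the standard WordPress plugin header and flags any copy at or below 4.80, the last affected version given on this page. The function names are hypothetical, and it assumes the plugin lives in a directory named after its slug, add-custom-codes.

```shell
#!/bin/sh
# Added example: flag add-custom-codes installs in the page's affected range (<= 4.80).
LAST_AFFECTED="4.80"   # last affected version, taken from the advisory text

# Print the "Version:" value from a WordPress plugin header file.
plugin_version() {
    sed -n 's|^[[:space:]*#/]*Version:[[:space:]]*\([0-9][0-9.]*\).*|\1|p' "$1" | head -n 1
}

# Succeed if version $1 <= version $2 (dot-separated numeric fields, so 4.9 < 4.80).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# Classify one plugin directory: prints "affected <ver>", "ok <ver>" or "unknown".
check_plugin_dir() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        grep -q 'Plugin Name:' "$f" || continue   # only the main file has this header
        v=$(plugin_version "$f")
        [ -n "$v" ] || continue
        if version_le "$v" "$LAST_AFFECTED"; then echo "affected $v"; else echo "ok $v"; fi
        return 0
    done
    echo "unknown"
}

# Report every copy of the plugin under a web root (several sites may share one host).
scan_webroot() {
    find "${1:-/var/www/html}" -type d -path '*/wp-content/plugins/add-custom-codes' 2>/dev/null |
    while IFS= read -r d; do
        printf '%s\t%s\n' "$d" "$(check_plugin_dir "$d")"
    done
}

if [ "$#" -gt 0 ]; then scan_webroot "$1"; fi
```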
Exploit status
EPSS
0.05% (14th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-30975 is to immediately upgrade the SaifuMak Add Custom Codes plugin to version 5.0 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin to reduce the attack surface. While a direct WAF rule targeting this specific code injection is unlikely, general PHP code injection rules can provide some protection. Regularly review the plugin's code for suspicious modifications and implement robust input validation practices within your WordPress theme and other plugins.
Update to version 5.0 or a newer patched version
CVE-2025-30975 is a Code Injection vulnerability affecting SaifuMak Add Custom Codes versions 0.0.0–4.80, allowing attackers to inject malicious code. It carries a CVSS score of 7.5 (HIGH).
You are affected if your WordPress site uses SaifuMak Add Custom Codes version 0.0.0 through 4.80. Check your plugin versions immediately.
Upgrade the SaifuMak Add Custom Codes plugin to version 5.0 or later. If immediate upgrade is not possible, temporarily disable the plugin.
As of 2025-08-20, there are no publicly known active exploits, but the vulnerability's nature suggests a potential for exploitation.
Refer to the SaifuMak plugin documentation or their official website for the latest advisory regarding CVE-2025-30975.