Platform
wordpress
Component
add-custom-codes
Fixed in
4.80.1
A Cross-Site Request Forgery (CSRF) vulnerability exists in SaifuMak Add Custom Codes for WordPress. An attacker can cause the browser of a logged-in user to submit a state-changing request to the plugin that the user never intended. All versions through 4.80 are affected. The advisory text names 5.0 as the fixed release while the metadata above lists 4.80.1; either way, the fix is in the first release after 4.80, and users should upgrade to the latest version published in the WordPress plugin repository.
The mechanism is the standard CSRF pattern: the attacker hosts a page on any origin that auto-submits a form (or embeds a crafted link) targeting the plugin's admin endpoint. When a user who is logged in to the WordPress site loads that page, the browser attaches the site's authentication cookies, and because the vulnerable versions do not verify a request-specific token (a WordPress nonce), the plugin processes the request as if the user had submitted it. The forged request can change the plugin's settings, create content, or trigger other actions the plugin exposes. The impact is bounded by the victim's capabilities on the site, but the victim most likely to reach the plugin's settings is an administrator, and given what the plugin does (inserting custom code into the site's pages), a forged settings change could plant attacker-controlled markup or script that every subsequent visitor loads. Exploitation requires a user with the relevant capability to be logged in and to visit attacker-controlled content; no click beyond loading the page is necessarily needed.
CVE-2025-62739 was published on 2025-12-09. No public proof-of-concept (PoC) code is currently known. The CVSS base score of 6.5 (MEDIUM) rates the severity of a successful attack, not its likelihood; the EPSS score of 0.02% (6th percentile) places the estimated probability of exploitation in the wild near the bottom of the distribution. The vulnerability is not listed in the CISA KEV catalog.
WordPress sites with the SaifuMak Add Custom Codes plugin at version 4.80 or earlier are affected. An active installation is the exploitable one, since WordPress only loads an active plugin's admin handlers; an inactive copy should still be updated or removed so it cannot be reactivated in a vulnerable state. On shared or managed hosting where plugin updates are applied centrally, confirm that the update has actually been rolled out rather than assuming it.
Detection (wordpress):
• Look for the plugin directory on disk (the slug uses hyphens, not underscores):
  ls /var/www/html/wp-content/plugins/ | grep -i 'add-custom-codes'
• Check the installed version and status with WP-CLI; do not restrict the listing to inactive plugins, the active install is the one that matters:
  wp plugin list --fields=name,status,version | grep add-custom-codes
• Read the version remotely from the plugin's readme.txt (the "Stable tag" line). A HEAD request on the plugin directory returns no header that names the plugin, so inspect the file body instead:
  curl -s https://example.com/wp-content/plugins/add-custom-codes/readme.txt | grep -i 'stable tag'
Disclosure
Exploit status
EPSS
0.02% (6th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade SaifuMak Add Custom Codes to the patched release (this page gives it as 5.0 in the advisory text and 4.80.1 in the metadata; install the latest version available on wordpress.org and confirm the installed version afterwards). A Content Security Policy, input validation and output encoding do not address CSRF: the forged request is a legitimately authenticated request from the victim's own browser, so the defence has to be a per-request token, which in WordPress means a nonce emitted with wp_nonce_field() and checked with check_admin_referer() or wp_verify_nonce() before any state change. If you cannot upgrade immediately, reduce exposure in the meantime: deactivate the plugin, keep administrator sessions separate from general browsing (log out of wp-admin before visiting untrusted sites), restrict wp-admin by IP or an additional authentication layer where your hosting allows it, and have a WAF or reverse-proxy rule reject POST requests to wp-admin endpoints whose Origin or Referer header names a foreign host. When reviewing access logs, remember that a CSRF request arrives from the victim's IP address, so filtering on unfamiliar source addresses will not find it; look instead for state-changing POSTs to wp-admin whose Referer is off-site or absent.
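The log-review advice above, worked through as an added example that is not part of this advisory or of the plugin's own code: the detector parses Apache combined-format access log lines, keeps only POSTs to the WordPress endpoints through which a plugin's settings form normally saves state (an assumption, since the advisory does not name the vulnerable endpoint), and flags those whose Referer points at another host or is missing. The log lines are constructed for the example; the second one is what a CSRF hit looks like, the victim's own IP and session but a Referer on the attacker's page.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in Apache "combined" log format; not real traffic.
# Line 2 is the CSRF signature: the victim's IP, a state-changing POST, and a
# Referer on a host the attacker controls.  Line 3 has no Referer at all.
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [09/Dec/2025:10:01:02 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://example.com/wp-admin/options-general.php?page=add-custom-codes" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Dec/2025:10:03:15 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 '
    '"https://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.7 - - [09/Dec/2025:10:04:40 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0"',
    '198.51.100.2 - - [09/Dec/2025:10:05:00 +0000] "GET /wp-content/plugins/add-custom-codes/readme.txt HTTP/1.1" 200 1234 '
    '"-" "curl/8.0"',
])

# Apache combined format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Endpoints a WordPress plugin's settings form normally posts to.  Assumption:
# Add Custom Codes uses the standard Settings API / admin-post handlers; the
# advisory does not name the vulnerable endpoint, so adjust if you know it.
STATE_CHANGING_PATHS = frozenset({
    "/wp-admin/options.php",
    "/wp-admin/admin-post.php",
    "/wp-admin/admin-ajax.php",
})


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def referer_verdict(referer, site_host):
    """Classify a Referer relative to the site: same-origin, cross-origin or no-referer.

    A missing Referer is only a weak signal (privacy settings strip it).  A
    Referer on a different host for a state-changing POST is the CSRF hallmark.
    The comparison is on the full hostname, so "example.com.evil.test" does not
    pass as "example.com".
    """
    if referer in ("", "-"):
        return "no-referer"
    host = (urlsplit(referer).hostname or "").lower()
    return "same-origin" if host == site_host.lower() else "cross-origin"


def find_suspicious(log_text, site_host):
    """Return state-changing admin POSTs whose Referer is off-site or absent."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["method"] != "POST":
            continue
        if entry["path"].split("?", 1)[0] not in STATE_CHANGING_PATHS:
            continue
        verdict = referer_verdict(entry["referer"], site_host)
        if verdict == "same-origin":
            continue
        referer_host = ""
        if verdict == "cross-origin":
            referer_host = (urlsplit(entry["referer"]).hostname or "").lower()
        hits.append({
            "ip": entry["ip"],
            "time": entry["ts"],
            "path": entry["path"],
            "status": int(entry["status"]),   # 302 = accepted; a nonce failure shows as 403
            "referer_host": referer_host,
            "verdict": verdict,
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "example.com"):
        print(f'{hit["time"]} {hit["ip"]} POST {hit["path"]} -> {hit["verdict"]} '
              f'({hit["referer_host"] or "no referer"}) status={hit["status"]}')
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents and site_host with your site's hostname. Treat a cross-origin verdict as a strong indicator and a missing Referer as something to correlate with the plugin's settings change history rather than as proof. On a patched site the same forged POST still appears in the log, but WordPress rejects it at the nonce check and the status column reads 403 instead of 302, which is a useful way to confirm the fix is live.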
Update to version 5.0 or a later patched version
CVE-2025-62739 is a Cross-Site Request Forgery vulnerability affecting SaifuMak Add Custom Codes in all versions through 4.80. It lets an attacker make a logged-in user's browser perform actions in the plugin that the user did not intend.
You are affected if your WordPress site runs SaifuMak Add Custom Codes at version 4.80 or earlier. Upgrade to the patched release (5.0 per the advisory text) or later.
Upgrade SaifuMak Add Custom Codes to the patched release or later. A Content Security Policy does not stop CSRF; as interim measures, deactivate the plugin, keep administrator sessions separate from general browsing, and block cross-origin POSTs to wp-admin at a WAF or reverse proxy.
There is no current evidence of active exploitation (EPSS 0.02%, not in CISA KEV), but the medium severity and the plugin's ability to inject code into site pages warrant prompt remediation.
Refer to the SaifuMak plugin documentation and WordPress plugin repository for the latest advisory and update information.