CVE-2025-30975
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Code Injection. This issue affects Add Custom Codes: from n/a through <= 4.80.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Add Custom Codes WordPress plugin <=4.80 has a code injection vulnerability allowing remote attackers to execute arbitrary code.
Vulnerability Overview
The Add Custom Codes WordPress plugin (versions up to and including 4.80) suffers from a code injection vulnerability due to improper control of code generation. This flaw allows an attacker to inject and execute arbitrary code on the target site.
Exploitation Details
The vulnerability can be exploited remotely without authentication, as the plugin fails to sanitize user-supplied input before using it in code generation. Attackers can craft malicious requests to inject PHP or other executable code, leading to arbitrary code execution.
Impact
Successful exploitation gives an attacker full control over the affected WordPress site, enabling actions such as data theft, website defacement, or further compromise of server resources. Given the widespread use of WordPress, this vulnerability is expected to be targeted in mass-exploit campaigns.
Mitigation
The vendor has released version 5.0 to address this issue. Users are strongly advised to update immediately. For those unable to update, implementing a web application firewall rule (e.g., Patchstack's mitigation rule) can provide temporary protection. No other workarounds are currently available [1].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: <=4.80
Patches (0)
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References (1)
News mentions (0)
No linked articles in our index yet.