CVE-2025-62108 MEDIUM

CVE-2025-62108: WordPress Add Custom Codes plugin <= 4.80 - Broken Access Control vulnerability

Vendor Saifumak
Product Add Custom Codes
Weakness CWE-862 · Missing authorization
Published December 31, 2025
Last update April 28, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01Description

Missing Authorization vulnerability in SaifuMak Add Custom Codes add-custom-codes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Custom Codes: from n/a through <= 4.80.

Explanation of Vulnerability in Simple Terms

02Summary

Add Custom Codes versions 4.80 and earlier lack proper authorization checks, allowing authenticated users with low privileges to modify or disable site functionality. An attacker can alter custom code settings without proper permission verification. This affects the integrity and availability of code-based customizations on affected sites.

What an attacker can do

03Attacker Capabilities

Modify or disable custom code settings without proper authorization.

Potential impact on your site

04Site Impact

Unauthorized users can alter custom code configurations, potentially breaking site functionality or injecting malicious code.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege authenticated account on the site.

Key dates

06Disclosure timeline

December 31, 2025 CVE published
April 28, 2026 Record updated