VulnerAlert



WORDPRESS
10-09-2025 04:20

CVE-2025-9888 Documented vulnerability

4.3 MEDIUM
Description
The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clear_log function. This makes it possible for unauthenticated attackers to clear spam logs via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
https://plugins.trac.wordpress.org/browser/contact-forms-anti-spam/tags/2.5.5/admin/partials/maspik-log.php#L12
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3357602%40contact-forms-anti-spam&new=3357602%40contact-forms-anti-spam&sfp_email=&sfph_mail=
https://research.cleantalk.org/CVE-2025-9888
https://www.wordfence.com/threat-intel/vulnerabilities/id/b9b18739-67ed-4cb0-9577-eb60bc84bbeb?source=cve
Reference
CVE-2025-9888

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-9888
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023