The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Mas

DATABASE

WORDPRESS

10-09-2025 04:20

CVE-2025-9979 Vulnerabilidad documentada

4.3 MEDIUM

Tags

#wordpress

#plugin

#data

#git

#database

#attackers

#authenticated

#vulnerable

#attack

#access

Descripción

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This due missing capability checks on the Maspik_spamlog_download_csv function. makes it possible authenticated attackers, with subscriber-level access above, export download spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions sensitive data.

https://plugins.trac.wordpress.org/browser/contact-forms-anti-spam/trunk/includes/functions.php#L1482

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3357602 40contact-forms-anti-spam&new=3357602 40contact-forms-anti-spam&sfp_email=&sfph_mail=

https://www.wordfence.com/threat-intel/vulnerabilities/id/7ee68705-cbb3-44b8-8223-4cecd678bcab?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-9979

Resultados similares

Coincidentes en almenos en 50% de los tags

10-09-2025 CVE-2025-7718
The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable...
Ver información

10-09-2025 CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response w...
Ver información