cleantalk
Vulnerabilities and Security Researches

Maspik – Spam Blacklist, CVE-2025-9888

CVE, Research URL

CVE-2025-9888

Home page URL

Security reports for Maspik – Spam Blacklist

Application

Maspik – Spam Blacklist

Published on
Sep 10, 2025
Research Description
The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clear_log function. This makes it possible for unauthenticated attackers to clear all spam logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.5.7.
Status
vulnerable
Previous vulnerability researches
CI HUB Connector (CVE-2026-4353) , Apr 23, 2026
New vulnerability
Download Manager (CVE-2025-10146) , Apr 23, 2026
Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder (CVE-2025-9260) , Apr 23, 2026
Text Snippets (CVE-2026-5748) , Apr 23, 2026
Bread & Butter: real lead capture, gated content & newsletter opt-ins (CVE-2026-4279) , Apr 23, 2026
WP News and Scrolling Widgets (CVE-2026-6443) , Apr 23, 2026