cleantalk
Vulnerabilities and Security Researches

Maspik – Spam Blacklist, CVE-2025-9979

CVE, Research URL

CVE-2025-9979

Home page URL

Security reports for Maspik – Spam Blacklist

Application

Maspik – Spam Blacklist

Published on
Sep 10, 2025
Research Description
The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download the spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions with sensitive data.
Affected versions
max 2.5.7.
Status
vulnerable
Previous vulnerability researches
Maspik – Spam Blacklist (CVE-2024-25101) , Jun 07, 2024
Maspik – Spam Blacklist (CVE-2023-24008) , Jun 07, 2024
Maspik – Spam Blacklist (CVE-2023-48272) , Jun 07, 2024
Maspik – Spam Blacklist (CVE-2023-48271) , Jun 07, 2024
Maspik – Spam Blacklist (CVE-2025-9888) , Apr 23, 2026
New vulnerability
FAQ Manager For Divi, Gutenberg Block & Shortcode (CVE-2023-33999) , Jun 14, 2026
TablePress – Tables in WordPress made easy (CVE-2023-33999) , Jun 14, 2026
Docket Cache – Object Cache Accelerator (CVE-2026-22492) , Jun 14, 2026
Advanced Classifieds & Directory Pro (CVE-2023-33999) , Jun 14, 2026
Display Eventbrite Events (CVE-2023-33999) , Jun 14, 2026