CVE-2025-9979 in Maspik Plugininformação

Sumário

de MITRE • 10/09/2025

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspik_spamlog_download_csv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download the spam log database containing blocked submission attempts, which may include misclassified but legitimate submissions with sensitive data.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Divulgação

10/09/2025

Moderação

aceite

Entrada

VDB-323447

CPE

pronto

CWE

CWE-862 (confirmado)

CVSS

4.3 (CNA)

EPSS

0.00063

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9979
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9979
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9979/

◂ Voltar Visão Geral Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!