EUVD-2025-15221

Malicious code in bioql PyPI...

CVE-2025-9888

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear all spam...

CVE-2025-9979

The Maspik plugin for WordPress is vulnerable to Missing Authorization in version 2.5.6 and prior. This is due to missing capability checks on the Maspikspamlogdownloadcsv function. This makes it possible for authenticated attackers, with subscriber-level access and above, to export and download...

CVE-2025-9888

The Maspik – Ultimate Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.6. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear all spam...

CVE-2024-9182

The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

PT-2025-21538 · WordPress · Maspik

Name of the Vulnerable Software and Affected Versions: Maspik WordPress plugin versions prior to 2.1.3 Description: The issue concerns the Maspik WordPress plugin, where certain settings are not properly sanitized and escaped. This could allow high-privilege users, such as administrators, to...