
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Dec 2024 — Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Maspik – Spam blacklist: from n/a through 2.2.7. The Maspik – Advanced Spam Protection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.7. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to change plugin sett... • https://patchstack.com/database/wordpress/plugin/contact-forms-anti-spam/vulnerability/wordpress-maspik-plugin-2-2-7-csrf-to-settings-change-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) • CWE-862: Missing Authorization

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Feb 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6. The Maspik – Spam Blacklist plugin for Wo... • https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-10-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Nov 2023 — Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maspik – Spam blacklist: from n/a through 0.10.3. The Maspik – Spam Blacklist plugin for W... • https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-9-2-ip-filtering-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing • CWE-348: Use of Less Trusted Source