CVE-2025-9979

Name of the Vulnerable Software and Affected Versions: Maspik plugin for WordPress versions prior to 2.5.6

Description: The Maspik plugin for WordPress is susceptible to a missing authorization issue. This is caused by the absence of capability checks within the Maspik spamlog download csv function. Authenticated attackers with subscriber-level access or higher can export and download the spam log database, potentially exposing sensitive data from legitimate submissions that were incorrectly flagged as spam.

Recommendations: Update the Maspik plugin to a version later than 2.5.6.