WordPress Maspik – Spam blacklist Plugin <= 0.7.8 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-24008
8.8HIGH
Summary
The yonifre Maspik – Spam Blacklist plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF), allowing unauthorized commands to be executed by an attacker. This vulnerability affects versions up to 0.7.8, potentially compromising user-interactive functions without the user's consent.
Affected Version(s)
Maspik – Spam Blacklist <= 0.7.8
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Mika (Patchstack Alliance)