CVE-2024-9182
- EPSS 0.03%
- Veröffentlicht 15.05.2025 20:16:00
- Zuletzt bearbeitet 12.06.2025 16:36:53
The Maspik WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2024-25101
- EPSS 0.14%
- Veröffentlicht 13.03.2024 16:15:29
- Zuletzt bearbeitet 23.01.2025 19:18:08
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6.
CVE-2023-48272
- EPSS 0.17%
- Veröffentlicht 30.11.2023 17:15:11
- Zuletzt bearbeitet 21.11.2024 08:31:23
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS.This issue affects Maspik – Spam Blacklist: from n/a through 0.9.2.
CVE-2023-24008
- EPSS 0.06%
- Veröffentlicht 26.05.2023 13:15:11
- Zuletzt bearbeitet 21.11.2024 07:47:15
Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.