Last year, Patchstack vaguely claimed that the plugin Maspik – Spam blacklist contained a cross-site request forgery (CSRF) vulnerability. About the only detail provided was tha it was supposed to have been fixed in version 0.7.9. The changelog for that version doesn’t suggest a vulnerability was fixed, as it reads “Bug fix (Please update ASAP!)”.
…
For our 43nd security review of a WordPress plugin based on the voting of our customers, we reviewed the plugin Maspik – Spam blacklist.
If you are not yet a customer of the service, once you sign up for the service as a paying customer, you can start suggesting and voting on plugins to get security reviews. For those already using the service that haven’t already suggested and voted for plugins to receive a review, you can start doing that here. You can use our tool for doing limited automated security checks of plugins to see if plugins you are using have possible issues that would make them good candidates to get a review. You can also order a review of a plugin separately from our service. [Read more]