Refine your search

1 vulnerability found for Claspo – Popups, Spin the Wheel & Email Capture by Claspo Popup Builders

CVE-2025-68568 (GCVE-0-2025-68568)
Vulnerability from cvelistv5
Published
2025-12-24 13:10
Modified
2026-04-28 16:14
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE
Summary
Missing Authorization vulnerability in Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo – Popups, Spin the Wheel & Email Capture: from n/a through <= 1.0.7.
References
Impacted products
Vendor Product Version
Claspo Popup Builders Claspo – Popups, Spin the Wheel & Email Capture Version: 0   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68568",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-24T18:52:49.507121Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T18:43:30.163Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "claspo",
          "product": "Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture",
          "vendor": "Claspo Popup Builders",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.0.8",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Legion Hunter | Patchstack Bug Bounty Program"
        }
      ],
      "datePublic": "2026-04-22T14:23:09.162Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Missing Authorization vulnerability in Claspo Popup Builders Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture: from n/a through \u003c= 1.0.7.\u003c/p\u003e"
            }
          ],
          "value": "Missing Authorization vulnerability in Claspo Popup Builders Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture claspo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture: from n/a through \u003c= 1.0.7."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-180",
          "descriptions": [
            {
              "lang": "en",
              "value": "Exploiting Incorrectly Configured Access Control Security Levels"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-28T16:14:30.628Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/Wordpress/Plugin/claspo/vulnerability/wordpress-popup-builder-exit-intent-pop-up-spin-the-wheel-newsletter-signup-email-capture-lead-generation-forms-maker-plugin-1-0-5-broken-access-control-vulnerability?_s_id=cve"
        }
      ],
      "title": "WordPress Claspo \u2013 Popups, Spin the Wheel \u0026 Email Capture plugin \u003c= 1.0.7 - Broken Access Control vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2025-68568",
    "datePublished": "2025-12-24T13:10:36.357Z",
    "dateReserved": "2025-12-19T10:17:28.557Z",
    "dateUpdated": "2026-04-28T16:14:30.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}