Missing Authorization in Popup Builder by Claspo Affects Lead Generation Tools
CVE-2025-68568

Currently unrated

Key Information:

Vendor

WordPress
Status
Popup Builder: Exit-intent Pop-up, Spin The Wheel, Newsletter Signup, Email Capture & Lead Generation Forms Maker
Vendor
CVE Published:
24 December 2025

What is CVE-2025-68568?

The Popup Builder by Claspo contains a missing authorization vulnerability that allows unauthorized users to exploit incorrectly configured access control levels. This vulnerability affects various functionalities including the Exit-Intent pop-up, Spin the Wheel, Newsletter signup, and Email Capture tools. It is critical for users to apply the necessary security measures to safeguard their data and user interactions, as affected versions include all prior to and including 1.0.5.

Affected Version(s)

Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture &amp; Lead Generation forms maker <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/clas...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Legion Hunter | Patchstack Bug Bounty Program
JSON
.
CVE-2025-68568 : Missing Authorization in Popup Builder by Claspo Affects Lead Generation Tools