CNNVD-202512-4368 Information

CNNVD ID

CNNVD-202512-4368

Related CVE

CVE-2025-68568

• CNNVD Published: 2025-12-24

Description (Chinese)

Spin等都是开源的产品。Spin是一个开源软件验证工具。Newsletter是WebSockets ws等都是(WebSockets)开源的产品。ws是一个 Node.js WebSocket 库。FreeBSD ctl等都是(FreeBSD)基金会的产品。ctl是一个工具。 WordPress plugin Claspo – Popups, Spin the Wheel & Email Capture 1.0.5及之前版本存在安全漏洞，该漏洞源于缺少授权，可能导致利用错误配置的访问控制安全级别。

Description (English)

Spin and others are open-source products. Spin is an open-source software validation tool. Newsletter is a product of WebSockets ws and so on. Ws is a Node.js WebSocket library. FreeBSD ctl etc. are the products of FreeBSD. Ctl is a tool. WordPress plugin Crispo – Popups, Spin the Wheel & Email Capture 1.5 and previous versions have security gaps, which stem from a lack of authorization and may lead to access control security levels using the wrong configuration.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

WordPress

Published

2025-12-24

Last Modified

2026-02-24

References

https://vdp.patchstack.com/database/Wordpress/Plugin/claspo/vulnerability/wordpress-popup-builder-exit-intent-pop-up-spin-the-wheel-newsletter-signup-email-capture-lead-generation-forms-maker-plugin-1-0-5-broken-access-control-vulnerability?_s_id=cve

Patch

https://wordpress.org/plugins/claspo/