CVE-2025-68073
BaseFortify

Publication date: 2026-01-22

Last updated on: 2026-04-27

Assigner: Patchstack

Description
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support (ninja-gdpr-compliance) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.4.
Meta Information
Published: 2026-01-22
Last Modified: 2026-04-27
Generated: 2026-06-16
AI Q&A: 2026-01-22
EPSS Evaluated: 2026-06-15
Affected Vendors & Products (2 associated CPEs)
Vendor      Product                       Version / Range
ninja_team  gdrp_ccpa_compliance_support  up to and including 2.7.4
ninja_team  gdrp_ccpa_compliance_support  2.7.5
CWE
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Quick Actions
Executive Summary

CVE-2025-68073 is a Broken Access Control vulnerability in the WordPress GDPR CCPA Compliance Support plugin (versions up to 2.7.4). It stems from missing authorization, authentication, or nonce token checks in certain plugin functions, which allows unprivileged users (such as subscribers) to perform actions intended only for higher-privileged roles. This undermines the plugin's access control mechanisms. [1]
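As an added illustration that is not part of this advisory or of the plugin's own code, the unchecked handler pattern the summary describes next to its hardened form in a WordPress admin-ajax context; every function, action, nonce and option name below is hypothetical:

```php
<?php
// Added illustration (not the plugin's code): a hypothetical admin-ajax
// handler that updates a compliance setting. All names are invented.

// BEFORE: the pattern behind CWE-862. Any logged-in user, including a
// subscriber, who can reach admin-ajax.php can change the option, because
// the handler checks neither capability nor nonce before writing.
function example_save_consent_setting_unchecked() {
    update_option( 'example_consent_banner', sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) ) );
    wp_send_json_success();
}

// AFTER: authorization and CSRF protection precede any state change.
function example_save_consent_setting() {
    // Authorization: only users who may manage site options proceed.
    // wp_send_json_error() ends the request, so no further code runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Nonce: ties the request to the plugin's own admin page, so an
    // authorized admin cannot be tricked into submitting it from elsewhere.
    check_ajax_referer( 'example_consent_nonce', 'nonce' );

    $value = sanitize_text_field( wp_unslash( $_POST['value'] ?? '' ) );
    update_option( 'example_consent_banner', $value );
    wp_send_json_success();
}

// Register only the hardened handler, and only for authenticated users:
// omitting the 'wp_ajax_nopriv_' variant keeps anonymous requests out.
add_action( 'wp_ajax_example_save_consent_setting', 'example_save_consent_setting' );

// The matching nonce is minted for the admin page script, e.g. through
// wp_localize_script(): wp_create_nonce( 'example_consent_nonce' );
```

When reviewing a plugin for this class of bug, each state-changing `wp_ajax_*`, REST route or `admin_post_*` handler should show both a capability check and a nonce check before its first write.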

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions within the GDPR CCPA Compliance Support Plugin, potentially leading to unauthorized access or modification of compliance-related settings or data. This can compromise the security and integrity of your website's data privacy compliance features, increasing the risk of data exposure or misuse. [1]

Detection Guidance

Detection can involve monitoring for actions by low-privileged users that should require higher privileges, such as subscribers invoking admin-level functions of the GDPR CCPA Compliance Support plugin. Because the vulnerability is caused by missing authorization checks in plugin functions, reviewing access logs for suspicious activity involving this plugin is recommended. The referenced resources do not provide specific commands, but administrators can check WordPress logs or use security plugins to audit user actions and access attempts related to the GDPR CCPA Compliance Support plugin. [1]

Mitigation Strategies

The immediate mitigation step is to update the GDPR CCPA Compliance Support plugin to version 2.7.5 or later, which contains the fix for this vulnerability. Until the update is applied, applying the automatic mitigation rule provided by Patchstack to block attacks targeting this vulnerability is also recommended. Enabling auto-updates for vulnerable plugins can further help ensure timely protection. [1]

Compliance Impact

This vulnerability affects the GDPR CCPA Compliance Support plugin, which is designed to assist with data privacy compliance. Because of the missing authorization and resulting broken access control, unprivileged users can perform actions reserved for higher-privileged roles, potentially compromising the enforcement of data privacy controls. This could undermine the effectiveness of compliance measures related to GDPR and similar regulations by allowing unauthorized access to, or modification of, compliance-related settings or data. [1]
