CVE-2025-68073
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-04-27
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ninja_team | gdrp_ccpa_compliance_support | up to 2.7.4 (inclusive) |
| ninja_team | gdrp_ccpa_compliance_support | 2.7.5 (fixed release) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability affects the GDPR CCPA Compliance Support plugin, whose purpose is to help a site meet data privacy obligations. Because of the missing authorization checks, low-privileged users can perform actions reserved for higher-privileged roles, which can weaken the enforcement of the privacy controls the plugin provides. Unauthorized access to or modification of compliance-related settings or data could therefore undermine the measures a site relies on for GDPR and similar regulations. [1]
Can you explain this vulnerability to me?
CVE-2025-68073 is a Broken Access Control vulnerability in the WordPress GDPR CCPA Compliance Support plugin (versions up to and including 2.7.4). Certain plugin functions lack authorization, authentication, or nonce token checks, so an unprivileged authenticated user (for example, a subscriber) can invoke actions intended only for higher-privileged roles. The plugin's access control therefore depends on checks that are not actually performed. [1]
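The pattern described above, as an added illustration that is not the plugin's code and not taken from the advisory: a hypothetical WordPress admin-ajax handler shown first without any check (CWE-862) and then hardened. The action names (`demo_save_settings`, `demo_save_settings_secure`), option name and nonce action are placeholders. Note that `wp_ajax_*` hooks fire for any logged-in user, so a subscriber can reach the handler simply by POSTing to `admin-ajax.php` with the right `action` parameter.

```php
<?php
// Added example: hypothetical handler, NOT the GDPR CCPA Compliance Support
// plugin's actual code. All names below are placeholders.

// VULNERABLE (CWE-862): registered for every logged-in user, writes an option
// with no capability check and no nonce check. A subscriber can change it.
add_action( 'wp_ajax_demo_save_settings', 'demo_save_settings_vulnerable' );
function demo_save_settings_vulnerable() {
    update_option( 'demo_settings', wp_unslash( $_POST['settings'] ?? '' ) );
    wp_send_json_success();
}

// HARDENED: nonce check (CSRF) AND capability check (authorization) before any
// state change, plus input sanitization. A nonce alone is not authorization:
// any user who can load the page that issues it obtains a valid nonce.
add_action( 'wp_ajax_demo_save_settings_secure', 'demo_save_settings_hardened' );
function demo_save_settings_hardened() {
    // Nonce must match one created with wp_create_nonce( 'demo_settings_nonce' ).
    // check_ajax_referer() terminates the request with -1 on failure.
    check_ajax_referer( 'demo_settings_nonce', '_wpnonce' );

    // Authorization: only users who may manage options (administrators).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $settings = isset( $_POST['settings'] )
        ? sanitize_text_field( wp_unslash( $_POST['settings'] ) )
        : '';
    update_option( 'demo_settings', $settings );
    wp_send_json_success();
}

// How the settings page would hand the nonce to its script (hypothetical
// script handle 'demo-admin'), so the legitimate client can pass the check.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'demo-admin', 'demoAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'demo_settings_nonce' ),
    ) );
} );
```

When auditing a plugin for this class of bug, look at every `add_action( 'wp_ajax_…' )`, `add_action( 'admin_post_…' )` and REST route with a permissive `permission_callback`, and confirm each one calls `current_user_can()` with an appropriate capability in addition to its nonce check.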
How can this vulnerability impact me?
This vulnerability allows unauthorized users to perform privileged actions within the GDPR CCPA Compliance Support plugin, which can lead to unauthorized access to or modification of compliance-related settings or data. That weakens the integrity of your site's data privacy compliance features and increases the risk of personal data being exposed or misused. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection centres on spotting low-privileged accounts (for example, subscribers) performing actions in the GDPR CCPA Compliance Support plugin that should require higher privileges. Because the flaw is a missing authorization check inside plugin functions, review web server and WordPress activity logs for requests to this plugin's admin endpoints coming from non-administrator sessions. The resources do not provide specific commands; administrators can instead use WordPress logging or a security plugin to audit user actions and access attempts tied to this plugin, and confirm the installed plugin version is 2.7.5 or later. [1]
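One way to get the visibility the answer above asks for, as an added example that is not part of the advisory or of the plugin: a small must-use plugin that logs every `admin-ajax.php` or `admin-post.php` request made by an authenticated user who lacks `manage_options`. The log format, the `lpa_` prefix and the `heartbeat` allowlist entry are assumptions; the advisory does not name the plugin's specific action names, so this records all such requests for review rather than matching on a particular one.

```php
<?php
/*
 * Plugin Name: Low-privilege admin request audit (added example)
 * Description: Illustrative mu-plugin, not the advisory's or the plugin's
 * code. Place in wp-content/mu-plugins/ to log admin-ajax.php and
 * admin-post.php requests from logged-in users without manage_options.
 */

// Core actions routinely sent by low-privileged sessions; tune for your site.
// (Assumption: only 'heartbeat' is treated as expected noise here.)
const LPA_EXPECTED_ACTIONS = array( 'heartbeat' );

// 'init' runs after authentication but before admin-ajax.php dispatches the
// wp_ajax_* action, so the request is recorded even if the handler dies.
add_action( 'init', 'lpa_audit_low_priv_admin_requests', 1 );

function lpa_audit_low_priv_admin_requests() {
    $is_admin_post = isset( $GLOBALS['pagenow'] ) && 'admin-post.php' === $GLOBALS['pagenow'];
    if ( ! wp_doing_ajax() && ! $is_admin_post ) {
        return; // not one of the two entry points plugin handlers sit behind
    }
    if ( ! is_user_logged_in() || current_user_can( 'manage_options' ) ) {
        return; // anonymous requests and administrators are out of scope here
    }

    $action = isset( $_REQUEST['action'] )
        ? sanitize_key( wp_unslash( $_REQUEST['action'] ) )
        : '(none)';
    if ( in_array( $action, LPA_EXPECTED_ACTIONS, true ) ) {
        return;
    }

    $user = wp_get_current_user();
    error_log( sprintf(
        'lpa-audit user=%d login=%s roles=%s endpoint=%s action=%s method=%s ip=%s',
        $user->ID,
        $user->user_login,
        implode( ',', $user->roles ),
        $is_admin_post ? 'admin-post.php' : 'admin-ajax.php',
        $action,
        isset( $_SERVER['REQUEST_METHOD'] ) ? $_SERVER['REQUEST_METHOD'] : '-',
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '-'
    ) );
}
```

The resulting `lpa-audit` lines land wherever PHP's `error_log` is directed (for example, `wp-content/debug.log` when `WP_DEBUG_LOG` is enabled). Any entry whose `action` belongs to the GDPR CCPA Compliance Support plugin and whose `roles` is `subscriber` or another low-privileged role is exactly the behaviour this vulnerability enables and warrants investigation.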
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation is to update the GDPR CCPA Compliance Support plugin to version 2.7.5 or later, which contains the fix. Until the update is applied, Patchstack's automatic mitigation rule can block attacks targeting this vulnerability. Enabling auto-updates for plugins also helps ensure future fixes are applied promptly. [1]