CVE-2025-68502
WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerabilityAuthorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.
We have discovered 24,466 live websites that are affected by CVE-2025-68502.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 24,466 live websites (94% of Crocoblock JetPopup install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 60 versions ( 97% of all versions) |
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled KeyDetails
- Published - Dec 29, 2025
- Updated - Jan 20, 2026
Credits
- Bonds | Patchstack Bug Bounty Program) (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-68502 United States | 6,218 websites |
 Germany | 2,302 websites |
 Brazil | 1,372 websites |
 France | 1,339 websites |
 Netherlands | 924 websites |
 Spain | 889 websites |
 GB | 858 websites |
 Italy | 785 websites |
 Russia | 777 websites |
 Canada | 667 websites |
Website Distribution by TLD
Number of websites using CVE-2025-68502| .com | 9,176 websites |
| .de | 1,392 websites |
| .com.br | 1,217 websites |
| .org | 901 websites |
| .nl | 820 websites |
| .fr | 614 websites |
| .ru | 610 websites |
| .it | 559 websites |
| .co.uk | 474 websites |
| .es | 403 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-68502
Top websites that are affected by CVE-2025-68502. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.com | United States | *** | |
| ******************.com | United States | **,*** | |
| *****************.net | GB | **,*** | |
| ******.com | United States | **,*** | |
| ******.com | United States | **,*** | |
| **********.org | United States | **,*** | |
| **************.com | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.com | United States | **,*** | |
| ******.de | Germany | **,*** |
FAQ
CVE-2025-68502 is Authorization Bypass Through User-Controlled Key in Crocoblock JetPopup
A total of 24,466 websites have been identified as vulnerable to CVE-2025-68502, based on global website indexing conducted by WebTechSurvey.
The Crocoblock JetPopup is affected by the CVE-2025-68502 vulnerability.
Crocoblock JetPopup versions up to and including 2.0.20.1 are vulnerable to CVE-2025-68502.