CVE-2026-24593
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Retrieve Embedded Sensitive Data.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24593
EUVD
EUVD-2026-4241
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
strategy11 another_wordpress_classifieds_plugin to 4.4.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-497 The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24593 is a Sensitive Data Exposure vulnerability in the WordPress AWP Classifieds Plugin (versions up to 4.4.3). It allows unauthenticated attackers to access sensitive system information that should normally be restricted. This exposure could potentially be used to exploit other system weaknesses, but the overall severity is considered low. [1]

Impact Analysis

This vulnerability can allow unauthorized users to retrieve sensitive information from the system without any privileges. While the direct impact is limited and rated as low severity, the exposed data could be leveraged to carry out further attacks or exploit other vulnerabilities within the system. [1]

Mitigation Strategies

Since no official fix or patched version is available as of the publication date, immediate mitigation steps include using Patchstack's mitigation services if possible, restricting access to the affected plugin or site areas to trusted users only, and monitoring for any unauthorized access attempts. Additionally, consider disabling or removing the AWP Classifieds plugin until a patch is released to prevent exploitation by unauthenticated attackers. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24593. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart