CVE-2026-24602
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-24602, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-23

Last updated on: 2026-02-04

Assigner: Patchstack

Description

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional and part of the expected design.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-23
Last Modified
2026-02-04
Generated
2026-07-06
AI Q&A
2026-01-23
EPSS Evaluated
2026-02-03
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
raptive raptive_ads to 3.10.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-24602 is a Broken Access Control vulnerability in the WordPress Raptive Ads Plugin (versions up to 3.10.0). It occurs due to missing authorization, authentication, or nonce token checks, allowing unauthenticated users to perform actions that should be restricted to higher privileged users. [1]

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions within the Raptive Ads plugin, potentially leading to unauthorized changes or access. However, it has a low severity impact with a CVSS score of 5.3 and is considered unlikely to be exploited. [1]

Detection Guidance

There are no specific detection commands or network/system detection methods provided for this vulnerability. Since it is a Broken Access Control issue in the Raptive Ads WordPress plugin, detection would typically involve reviewing access control configurations and attempting unauthorized actions within the plugin to verify if missing authorization checks exist. However, no explicit commands or automated detection techniques are detailed. [1]

Mitigation Strategies

Immediate mitigation steps are not explicitly provided. Since no official fix or patched version is currently available, it is recommended to restrict access to the affected plugin features, review and tighten access control settings, and monitor for unauthorized activity. Applying general WordPress security best practices and limiting plugin usage to trusted users may help reduce risk until a patch is released. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart