CVE-2026-24602
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-23

Last updated on: 2026-02-04

Assigner: Patchstack

Description
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. This is a false positive. According to the vendor, the function identified as a vulnerability is intentional and part of the expected design.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-23
Last Modified
2026-02-04
Generated
2026-06-16
AI Q&A
2026-01-23
EPSS Evaluated
2026-02-03
NVD
CVE-2026-24602
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raptive raptive_ads to 3.10.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24602 is a Broken Access Control vulnerability in the WordPress Raptive Ads Plugin (versions up to 3.10.0). It occurs due to missing authorization, authentication, or nonce token checks, allowing unauthenticated users to perform actions that should be restricted to higher privileged users. [1]

Impact Analysis

This vulnerability can allow unauthorized users to perform privileged actions within the Raptive Ads plugin, potentially leading to unauthorized changes or access. However, it has a low severity impact with a CVSS score of 5.3 and is considered unlikely to be exploited. [1]

Detection Guidance

There are no specific detection commands or network/system detection methods provided for this vulnerability. Since it is a Broken Access Control issue in the Raptive Ads WordPress plugin, detection would typically involve reviewing access control configurations and attempting unauthorized actions within the plugin to verify if missing authorization checks exist. However, no explicit commands or automated detection techniques are detailed. [1]

Mitigation Strategies

Immediate mitigation steps are not explicitly provided. Since no official fix or patched version is currently available, it is recommended to restrict access to the affected plugin features, review and tighten access control settings, and monitor for unauthorized activity. Applying general WordPress security best practices and limiting plugin usage to trusted users may help reduce risk until a patch is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24602. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart