Primary

Context

Raptive Ads WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Data Reset

Vulnerability

A vulnerability exists in the Raptive Ads plugin for WordPress, all versions through 3.6.3, due to a lack of proper capability checks in the site_ads_files_reset() and cls_file_reset() functions. This flaw enables unauthenticated attackers to reset ad and CLS files, potentially disrupting ad management and performance optimization settings.

Impact

Exploitation of this vulnerability allows for unauthorized resetting of ad and CLS files, which could interfere with the site's ad management and optimization processes.

Remediation

Users can update to version 3.7.1 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Raptive Ads WordPress Plugin Missing Authorization Vulnerability Allowing Unauthenticated Data Reset

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating