CVE-2024-13364

CVSS 5.3 (MEDIUM)

📋 TL;DR

The Raptive Ads WordPress plugin (WordPress.org slug adthrive-ads) does not check that the caller is authorized before running its ad-file and cls-file reset routines, which are reachable through the admin-ajax.php actions site_ads_files_reset and cls_file_reset. An unauthenticated remote attacker can therefore trigger those resets with a single HTTP request against any site running version 3.6.3 or earlier, disrupting ad delivery until an administrator restores the configuration. No credentials, cookies or user interaction are required. Version 3.6.4 fixes the issue.

💻 Affected Systems

Products:
  • Raptive Ads (formerly AdThrive Ads) WordPress Plugin
Versions: All versions up to and including 3.6.3
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only WordPress installations with the plugin active are exploitable. WordPress does not load inactive plugins, so their AJAX actions are not registered, but an inactive copy at 3.6.3 or earlier becomes exploitable the moment it is re-enabled and should still be updated.

📦 What is this software?

Raptive Ads (formerly AdThrive Ads; WordPress.org slug adthrive-ads) is the plugin that publishers in the Raptive advertising network install to load the network's ad code and manage ad placement on their WordPress sites. It runs on the public front end, so its admin-ajax.php handlers are reachable by anyone who can reach the site.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker repeatedly resets the plugin's ad and cls files, so ads stop rendering or render with a broken layout until an administrator restores the configuration. For a publisher whose revenue depends on ad impressions this is a direct financial loss, and a scripted loop of resets can keep the site in that state for as long as it goes unnoticed.

🟠 Likely Case

An opportunistic scan triggers a reset; ads disappear or misbehave until an administrator notices and reinstates them. The rest of the site keeps working, since only the plugin's ad configuration is affected.

🟢 If Mitigated

Once the plugin is at 3.6.4 or later, or the two reset actions are blocked in front of WordPress, the requests are rejected and the residual impact is limited to log noise from failed attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: None known
Weaponized: Likely; the request is trivial to construct even without a published PoC
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A single unauthenticated GET or POST to /wp-admin/admin-ajax.php with the action parameter set to one of the vulnerable reset actions is enough; no session, credentials or user interaction are needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.4 or later

Vendor Advisory: https://wordpress.org/plugins/adthrive-ads/#developers

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the Raptive Ads plugin.
4. Click 'Update Now' if an update is offered.
5. If a manual update is needed, download version 3.6.4 or later from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable Plugin (all platforms)

Temporarily deactivate the Raptive Ads plugin until it can be updated. WordPress does not load inactive plugins, so the vulnerable AJAX actions are no longer registered; the trade-off is that no ads are served while it is off.

wp plugin deactivate adthrive-ads

Web Application Firewall Rule (all platforms)

Block requests to the vulnerable actions in front of WordPress.

Deny any request to /wp-admin/admin-ajax.php whose action parameter is site_ads_files_reset or cls_file_reset. Match the parameter in both the query string and the POST body, for GET as well as POST: admin-ajax.php reads the action from $_REQUEST, so a rule that only inspects POST bodies is bypassed by putting the action in the URL.

🧯 If You Can't Patch

  • Do not restrict admin-ajax.php as a whole: themes and other plugins legitimately call it from the public front end, so block only requests carrying the two reset action values (see the WAF rule above), optionally allow-listing administrator addresses for them
  • Log requests to admin-ajax.php with the action parameter included and alert on the two reset actions; standard access logs record the query string but not POST bodies, so log at the WAF or application layer if you need to see actions sent in the body

🔍 How to Verify

Check if Vulnerable:

Check the WordPress admin panel > Plugins > Raptive Ads version. If the version is 3.6.3 or lower and the plugin is active, the site is exploitable; an inactive copy at that version should still be updated before it is re-enabled.

Check Version:

wp plugin get adthrive-ads --field=version

Verify Fix Applied:

Verify plugin version is 3.6.4 or higher in WordPress admin panel.
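For more than a handful of sites, the same check is easier to run from the JSON output of `wp plugin list --format=json` on each host. The script below is an added example, not code from the advisory or from the plugin; the host names and JSON are constructed (the JSON shape matches WP-CLI's default fields name, status, update and version). It compares versions numerically so that 3.6.10 sorts after 3.6.4, which a plain string comparison gets wrong, and it separates active from inactive vulnerable copies.

```python
"""Fleet triage for CVE-2024-13364 from `wp plugin list --format=json` output.

Added example, not part of the advisory or the plugin. Host names and JSON
below are constructed; the JSON shape matches WP-CLI's default fields
(name, status, update, version).
"""
import json
import re

PLUGIN_SLUG = "adthrive-ads"      # WordPress.org slug of Raptive Ads
FIXED_VERSION = "3.6.4"           # first version without the flaw

# Constructed sample output of `wp plugin list --format=json` from four hosts.
SAMPLE_HOSTS = {
    "blog-a": '[{"name":"adthrive-ads","status":"active","update":"available","version":"3.6.3"},'
              '{"name":"akismet","status":"active","update":"none","version":"5.3"}]',
    "blog-b": '[{"name":"adthrive-ads","status":"active","update":"none","version":"3.6.10"}]',
    "blog-c": '[{"name":"adthrive-ads","status":"inactive","update":"available","version":"3.5.0"}]',
    "blog-d": '[{"name":"akismet","status":"active","update":"none","version":"5.3"}]',
}


def parse_version(version):
    """Turn '3.6.10' into (3, 6, 10) so each component compares numerically.

    A plain string comparison puts '3.6.10' before '3.6.4' and would report a
    patched site as vulnerable.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def assess_host(plugin_list_json):
    """Classify one host from its `wp plugin list --format=json` output."""
    plugins = {p["name"]: p for p in json.loads(plugin_list_json)}
    plugin = plugins.get(PLUGIN_SLUG)
    if plugin is None:
        return "not installed"
    if parse_version(plugin["version"]) >= parse_version(FIXED_VERSION):
        return "patched"
    if plugin["status"] == "active":
        return "vulnerable"
    # WordPress does not load inactive plugins, so the AJAX actions are not
    # registered, but the old code is still on disk and becomes exploitable
    # as soon as someone re-enables it.
    return "vulnerable but inactive"


def assess_fleet(hosts):
    """Map host name -> classification for a dict of host -> JSON string."""
    return {host: assess_host(raw) for host, raw in hosts.items()}


if __name__ == "__main__":
    for host, state in sorted(assess_fleet(SAMPLE_HOSTS).items()):
        print(f"{host}: {state}")
```

Feed it real output by collecting `wp plugin list --format=json` from each host (over SSH, or from your configuration-management inventory) into the `hosts` dictionary.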

📡 Detection & Monitoring

Log Indicators:

  • Requests (GET or POST) to /wp-admin/admin-ajax.php with action=site_ads_files_reset or action=cls_file_reset. Legitimate resets come only from administrators, so treat any source outside your known admin addresses as suspicious. A web-server access log cannot tell you whether the caller had a WordPress session: the remote-user field is HTTP authentication, not WordPress login, and is "-" for virtually all WordPress traffic.
  • Several reset requests from one source within a short window, which points to scripted abuse rather than an administrator clicking a button.

Network Indicators:

  • Unusual volume of traffic to the admin-ajax.php endpoint from single sources
  • HTTP 200 responses to the reset requests on a site still running 3.6.3 or earlier, which means the reset went through

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND (action="site_ads_files_reset" OR action="cls_file_reset")

The action field must be extracted from the query string, or taken from WAF or application logs when the action is sent in a POST body, which access logs do not record. Filter out your administrators' source addresses rather than filtering on the remote-user field, since that field does not reflect WordPress login state.
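The log indicators above, implemented over access-log lines, as an added example that is not code from the advisory or the plugin. The sample lines are constructed (RFC 5737 documentation addresses) in the common Apache/nginx "combined" format. The script flags hits on the two reset actions, detects bursts from one source, and separately counts admin-ajax.php POSTs whose action is not visible because it was sent in the body, which is exactly the gap a query-string-only SIEM search leaves.

```python
"""Find hits on the Raptive Ads reset AJAX actions in web-server access logs.

Added example for the indicators above; not code from the advisory or the
plugin. The log lines are constructed and use the Apache/nginx "combined" format.
"""
import re
from datetime import datetime
from urllib.parse import parse_qs, urlsplit

AJAX_PATH = "/wp-admin/admin-ajax.php"
RESET_ACTIONS = {"site_ads_files_reset", "cls_file_reset"}

# Constructed sample traffic (RFC 5737 documentation addresses), not real logs.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2025:14:02:11 +0000] "POST /wp-admin/admin-ajax.php?action=site_ads_files_reset HTTP/1.1" 200 15 "-" "curl/8.4.0"
203.0.113.7 - - [10/Feb/2025:14:02:13 +0000] "GET /wp-admin/admin-ajax.php?action=cls_file_reset HTTP/1.1" 200 15 "-" "curl/8.4.0"
198.51.100.4 - - [10/Feb/2025:14:05:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 311 "https://example.org/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [10/Feb/2025:14:06:02 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 47 "https://example.org/wp-admin/" "Mozilla/5.0"
198.51.100.23 - - [10/Feb/2025:15:41:09 +0000] "GET /wp-admin/admin-ajax.php?action=cls_file_reset HTTP/1.1" 403 162 "-" "python-requests/2.32.3"
"""

# Combined log format. The third field is the HTTP-auth user; WordPress uses
# cookies, so it is "-" for logged-in admins too and says nothing about WP login.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Only the query string reaches the access log; an action sent in a POST
    # body is invisible here (see triage() below).
    action = parse_qs(url.query).get("action", [None])[0]
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": url.path,
        "action": action,
        "status": int(m["status"]),
    }


def triage(log_text, burst_window_s=60, burst_threshold=2):
    """Return reset hits, bursting sources, and admin-ajax POSTs we cannot attribute."""
    hits, unattributable = [], []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != AJAX_PATH:
            continue
        if rec["action"] in RESET_ACTIONS:
            hits.append(rec)
        elif rec["action"] is None and rec["method"] == "POST":
            # action was in the request body: needs WAF or application logs
            unattributable.append(rec)

    # Burst = at least burst_threshold reset hits from one IP within the window.
    stamps_by_ip = {}
    for rec in hits:
        stamps_by_ip.setdefault(rec["ip"], []).append(rec["ts"])
    bursts = set()
    for ip, stamps in stamps_by_ip.items():
        stamps.sort()
        for i in range(len(stamps) - burst_threshold + 1):
            if (stamps[i + burst_threshold - 1] - stamps[i]).total_seconds() <= burst_window_s:
                bursts.add(ip)
                break
    return {"hits": hits, "bursts": bursts, "unattributable": unattributable}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for h in result["hits"]:
        print(f'{h["ts"]:%Y-%m-%d %H:%M:%S} {h["ip"]:<14} {h["method"]:<4} {h["action"]:<21} {h["status"]}')
    print("burst sources:", sorted(result["bursts"]))
    print("admin-ajax POSTs with action in body (not visible here):", len(result["unattributable"]))
```

On the sample, the 403 from 198.51.100.23 is what a blocked attempt looks like once the WAF rule is in place, while the two 200s from 203.0.113.7 two seconds apart are the burst pattern worth alerting on. Run it against real logs with `triage(open("access.log").read())`, and exclude your administrators' addresses before alerting.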
