WordPress Atarim Plugin <= 3.12 is vulnerable to Cross Site Scripting (XSS)
CVE-2023-47544

7.1HIGH

What is CVE-2023-47544?

An unauthenticated stored Cross-Site Scripting (XSS) vulnerability exists in the Atarim Visual Website Collaboration, Feedback & Project Management plugin for WordPress. This flaw allows attackers to inject malicious scripts into the application, potentially compromising the security and integrity of the site. Users of versions 3.12 and earlier are advised to implement necessary security measures to mitigate the risk associated with this vulnerability.

Affected Version(s)

Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.12

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

lttn (Patchstack Alliance)
.