Unauthorized Data Deletion in Atarim Plugin for WordPress
CVE-2024-12104

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Visual Website Collaboration, Feedback & Project Management – Atarim
Vendor: CVE Published:; 21 January 2025

Summary

The Atarim plugin for WordPress is affected by a lack of proper capability checks in critical file handling functions, specifically wpf_delete_file and wpf_delete_file. This deficiency permits unauthenticated users to delete project-related pages and files, potentially leading to significant data loss. All versions up to and including 4.0.9 are impacted, highlighting the need for urgent attention and remediation.

Affected Version(s)

Visual Website Collaboration, Feedback & Project Management – Atarim * <= 4.0.9

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Dec 3, 2024

Credit

Tieu Pham Trong Nhan

BrokenAC ignore