Unauthorized Access Vulnerability in Atarim Plugin for WordPress
CVE-2024-2038

7.5 HIGH

Key Information:

Summary

The Atarim plugin for WordPress, which provides visual collaboration and project management, is vulnerable to unauthorized access in all versions up to and including 3.22.6. The flaw stems from hardcoded credentials that the plugin uses to authenticate incoming API requests: because the secret is fixed and shipped with the plugin, any caller who knows it is treated as authorized. Unauthenticated attackers can exploit this to modify plugin settings, delete posts, change post titles, and upload arbitrary images. Site administrators should update to the latest version of the Atarim plugin to remediate this issue.
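The root cause described above, as an added illustration in WordPress PHP (not the Atarim plugin's own code; the route, option, function and secret names are hypothetical): a static-secret permission check beside one tied to the logged-in user's capabilities.

```php
<?php
// Added illustration, not the plugin's code. Route, function and secret names are hypothetical.

// WEAK: a secret baked into the plugin source authenticates every caller.
// The value is readable by anyone with the (public) plugin code, so this check
// amounts to unauthenticated, network-reachable access to the endpoint's actions.
define( 'EXAMPLE_HARDCODED_API_KEY', 'hypothetical-static-secret' );

function example_weak_permission( WP_REST_Request $request ) {
    return hash_equals( EXAMPLE_HARDCODED_API_KEY, (string) $request->get_header( 'x-api-key' ) );
}

// HARDENED: authorize against the current WordPress user's capability instead.
// For cookie-authenticated REST calls, core validates the X-WP-Nonce header first;
// without a valid nonce the request is treated as logged-out and this check fails.
function example_hardened_permission( WP_REST_Request $request ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return new WP_Error( 'rest_forbidden', 'Insufficient privileges.', array( 'status' => 403 ) );
    }
    return true;
}

function example_delete_post( WP_REST_Request $request ) {
    $post_id = (int) $request->get_param( 'id' );
    // Route-level check passed; still confirm the caller may delete this specific post.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        return new WP_Error( 'rest_forbidden', 'Cannot delete this post.', array( 'status' => 403 ) );
    }
    return rest_ensure_response( array( 'deleted' => (bool) wp_delete_post( $post_id, true ) ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'example/v1', '/posts/(?P<id>\d+)', array(
        'methods'             => WP_REST_Server::DELETABLE,
        'callback'            => 'example_delete_post',
        // The vulnerable shape would reference example_weak_permission here.
        'permission_callback' => 'example_hardened_permission',
        'args'                => array( 'id' => array( 'validate_callback' => 'is_numeric' ) ),
    ) );
} );
```

Reviewing a plugin for this class of bug means locating every `permission_callback` (and admin-ajax or custom endpoint handler) and confirming that authorization derives from the user's capabilities or a per-site, rotatable secret rather than a constant in the source.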

Affected Version(s)

Visual Website Collaboration, Feedback & Project Management – Atarim: <= 3.22.6

References

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio Sá