Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-7621

5.4MEDIUM

Key Information:

Vendor: Wordpress
Status: Visual Website Collaboration, Feedback & Project Management – Atarim
Vendor: CVE Published:; 12 August 2024

What is CVE-2024-7621?

The Atarim Visual Website Collaboration plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the process_wpfeedback_misc_options() function. This vulnerability affects all versions up to and including 4.0.2, enabling authenticated users with Subscriber-level access or higher to modify plugin settings. Attackers may exploit this weakness to manipulate the plugin's configuration, posing significant risks to the integrity of the site and its collaboration features. It is essential for users to update to the latest version and implement stringent access control measures to mitigate these risks.

Affected Version(s)

Visual Website Collaboration, Feedback & Project Management – Atarim * <= 4.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/atarim-visual-...

https://plugins.trac.wordpress.org/changeset/3133163/atar...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2024
Vulnerability Reserved
Aug 8, 2024

Credit

Lucio Sá