Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
CVE-2024-7621

5.4MEDIUM

Key Information:

Vendor

Wordpress
Status
Visual Website Collaboration, Feedback & Project Management – Atarim
Vendor
CVE Published:
12 August 2024

What is CVE-2024-7621?

The Atarim Visual Website Collaboration plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the process_wpfeedback_misc_options() function. This vulnerability affects all versions up to and including 4.0.2, enabling authenticated users with Subscriber-level access or higher to modify plugin settings. Attackers may exploit this weakness to manipulate the plugin's configuration, posing significant risks to the integrity of the site and its collaboration features. It is essential for users to update to the latest version and implement stringent access control measures to mitigate these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Visual Website Collaboration, Feedback & Project Management – Atarim * <= 4.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/atarim-visual-...
https://plugins.trac.wordpress.org/changeset/3133163/atar...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lucio SΓ‘
JSON
.