Primary

Context

Atarim WordPress Plugin Missing Authorization Vulnerability Allows Unauthenticated Data Deletion

Vulnerability

Patched

A vulnerability in the Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress, in versions through 4.0.9, allows unauthenticated users to delete project pages and files. This issue arises from a missing capability check in the 'wpf_delete_file' functions, enabling unauthorized data deletion.

Impact

Exploitation of this vulnerability leads to unauthorized deletion of project pages and files within the Atarim plugin.

Remediation

Users can update to version 4.1.0 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

0.6

exploitability

8.2

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Atarim WordPress Plugin Missing Authorization Vulnerability Allows Unauthenticated Data Deletion

Vulnerability

Impact

Remediation

Affected Products

Atarim Visual Website Collaboration, Feedback & Project Management

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating