cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12104,https://securityvulnerability.io/vulnerability/CVE-2024-12104,Unauthorized Data Deletion in Atarim Plugin for WordPress,"The Atarim plugin for WordPress is affected by a lack of proper capability checks in critical file handling functions, specifically wpf_delete_file and wpf_delete_file. This deficiency permits unauthenticated users to delete project-related pages and files, potentially leading to significant data loss. All versions up to and including 4.0.9 are impacted, highlighting the need for urgent attention and remediation.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,false,false,false,2025-01-21T09:21:10.182Z,0
CVE-2024-7621,https://securityvulnerability.io/vulnerability/CVE-2024-7621,"Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update","The Atarim Visual Website Collaboration plugin for WordPress is susceptible to unauthorized data modification due to a missing capability check in the process_wpfeedback_misc_options() function. This vulnerability affects all versions up to and including 4.0.2, enabling authenticated users with Subscriber-level access or higher to modify plugin settings. Attackers may exploit this weakness to manipulate the plugin's configuration, posing significant risks to the integrity of the site and its collaboration features. It is essential for users to update to the latest version and implement stringent access control measures to mitigate these risks.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,false,false,2024-08-12T13:38:00.000Z,0
CVE-2024-2793,https://securityvulnerability.io/vulnerability/CVE-2024-2793,Stored Cross-Site Scripting Vulnerability in Atarim Plugin for WordPress,"The Atarim Visual Website Collaboration, Feedback & Project Management plugin for WordPress contains a vulnerability that allows for Stored Cross-Site Scripting through comments. This security flaw exists in all versions up to and including 3.30, where improper sanitization of user inputs allows malicious actors to inject arbitrary web scripts. These scripts may execute whenever a user accesses the compromised page, posing significant risks to user security and website integrity.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",7.2,HIGH,0.0004400000034365803,false,,false,false,false,,false,false,2024-05-31T04:31:43.112Z,0
CVE-2024-2038,https://securityvulnerability.io/vulnerability/CVE-2024-2038,Unauthorized Access Vulnerability in Atarim Plugin for WordPress,"The Atarim plugin for WordPress, which facilitates visual collaboration and project management, is exposed to unauthorized access vulnerabilities across all versions up to and including 3.22.6. This security flaw arises from the implementation of hardcoded credentials, which are used to authenticate incoming API requests. As a consequence, malicious actors can exploit this vulnerability to gain unauthorized access, enabling them to alter plugin configurations, delete posts, change post titles, and upload arbitrary images. Website administrators are urged to update to the latest version of the Atarim plugin to mitigate this significant security risk.",Wordpress,"Visual Website Collaboration, Feedback & Project Management – Atarim",7.5,HIGH,0.00044999999227002263,false,,false,false,false,,false,false,2024-05-23T06:46:02.833Z,0