The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.
History

Mon, 12 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Wpfeedback
Wpfeedback visual Website Collaboration
CPEs cpe:2.3:a:wpfeedback:visual_website_collaboration:*:*:*:*:*:*:*:*
Vendors & Products Wpfeedback
Wpfeedback visual Website Collaboration
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 10 Aug 2024 02:30:00 +0000

Type Values Removed Values Added
Description The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings which can also be leveraged to gain access to the plugin's settings.
Title Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-08-10T02:01:21.796Z

Updated: 2024-08-12T16:40:37.442Z

Reserved: 2024-08-08T17:27:46.997Z

Link: CVE-2024-7621

cve-icon Vulnrichment

Updated: 2024-08-12T16:40:28.409Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-08-12T13:38:45.400

Modified: 2024-08-12T13:41:36.517

Link: CVE-2024-7621

cve-icon Redhat

No data.