The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings, which can also be leveraged to gain access to the plugin's settings.
History
Mon, 12 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Wpfeedback, Wpfeedback visual Website Collaboration | |
CPEs | cpe:2.3:a:wpfeedback:visual_website_collaboration:*:*:*:*:*:*:*:* | |
Vendors & Products | Wpfeedback, Wpfeedback visual Website Collaboration | |
Metrics | ssvc | |
Sat, 10 Aug 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the process_wpfeedback_misc_options() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings, which can also be leveraged to gain access to the plugin's settings. | |
Title | Visual Website Collaboration, Feedback & Project Management – Atarim <= 4.0.2 - Missing Authorization to Authenticated (Subscriber+) Settings Update | |
Weaknesses | CWE-862 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-08-10T02:01:21.796Z
Updated: 2024-08-12T16:40:37.442Z
Reserved: 2024-08-08T17:27:46.997Z
Link: CVE-2024-7621
Vulnrichment
Updated: 2024-08-12T16:40:28.409Z
NVD
Status: Awaiting Analysis
Published: 2024-08-12T13:38:45.400
Modified: 2024-08-12T13:41:36.517
Link: CVE-2024-7621
Redhat
No data.