Description
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1.
Published: 2025-11-06
Score: 7.5 High
EPSS: 1.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the WordPress Atarim visual collaboration plugin causes sensitive information that should remain private to be included in data sent out of the system, allowing an attacker to retrieve that embedded sensitive data. The vulnerability is catalogued as CWE-201 (Insertion of Sensitive Information Into Sent Data). An attacker who can trigger the vulnerable code path could access personal, credential, or business data exposed through network traffic or plugin responses, compromising the confidentiality and potentially the privacy of affected users.

Affected Systems

The issue affects the Atarim visual collaboration plugin developed by Vito Peleg in all versions up to and including 4.2.1. Any WordPress installation running one of those versions is at risk.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, and the EPSS score of 2% shows a low but non-zero likelihood of exploitation in the wild. The plugin runs in a web context, so the likely attack vector is remote, via HTTP requests to the site. The CVE is not currently listed in the CISA KEV catalog. Security researchers have not reported widespread exploitation, but the data exposure risk warrants timely remediation.

Generated by OpenCVE AI on April 30, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Atarim plugin to a newer version (any release above 4.2.1) that resolves the exposure issue.
  • If an update is not currently available, disable or uninstall the Atarim plugin to stop any sensitive data from being transmitted.
  • Implement network monitoring or filtering to detect and block any data payloads that contain sensitive information sent by the plugin.

Advisories

No advisories yet.

History

Mon, 27 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 27 Apr 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics
  Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics
  Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}
  Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.
  Added: Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1.
Title
  Removed: WordPress Atarim plugin <= 4.2 - Sensitive Data Exposure vulnerability
  Added: WordPress Atarim plugin <= 4.2.1 - Sensitive Data Exposure vulnerability

Tue, 20 Jan 2026 15:30:00 +0000


Tue, 20 Jan 2026 14:45:00 +0000


Tue, 13 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
References
Metrics
  Removed: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 17 Nov 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics
  Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H'}
  Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 13 Nov 2025 11:30:00 +0000


Thu, 13 Nov 2025 10:45:00 +0000


Thu, 06 Nov 2025 20:45:00 +0000

Type Values Removed Values Added
First Time appeared
  Added: Atarim; Atarim atarim; Wordpress; Wordpress wordpress
Vendors & Products
  Added: Atarim; Atarim atarim; Wordpress; Wordpress wordpress

Thu, 06 Nov 2025 16:00:00 +0000

Type Values Removed Values Added
Description
  Added: Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.
Title
  Added: WordPress Atarim plugin <= 4.2 - Sensitive Data Exposure vulnerability
Weaknesses
  Added: CWE-201
References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:57.069Z

Reserved: 2025-09-25T15:28:27.831Z

Link: CVE-2025-60188

Vulnrichment

Updated: 2025-11-17T14:55:39.428Z

NVD

Status: Deferred

Published: 2025-11-06T16:16:03.560

Modified: 2026-04-27T18:16:24.160

Link: CVE-2025-60188

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T05:15:28Z

Weaknesses