Description
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.
Published: 2026-02-20
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Atarim Visual Collaboration plugin for WordPress contains a missing authorization flaw (CWE‑862). This defect permits users who are not administrators to invoke plugin functions that should be restricted, potentially enabling unauthorized modification or deletion of content managed by the plugin. The loss of proper access control can lead to compromise of data integrity and, in some cases, unauthorized data disclosure.

Affected Systems

All WordPress sites that have the Atarim Visual Collaboration plugin installed at version 4.2.1 or earlier are affected. The vulnerability applies to every instance of the plugin from its initial release forward up to 4.2.1, regardless of the underlying WordPress core version.

Risk and Exploitability

The CVSS score of 6.5 places this issue in the moderate severity range. The EPSS score of less than 1 percent indicates a low likelihood of exploitation as of the last assessment, and it is not listed in the CISA KEV catalog. It is inferred that attackers would attempt to exploit the flaw remotely, using crafted HTTP requests directed at the plugin’s endpoints, because the plugin operates through the WordPress web interface and no special network or authentication prerequisites beyond legitimate access are described.

Generated by OpenCVE AI on April 29, 2026 at 12:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Atarim Visual Collaboration plugin to version 4.2.2 or later to eliminate the missing authorization flaw.
  • If no newer version is available, remove the plugin entirely or limit its use to administrators by configuring role restrictions within WordPress.
  • Configure a web application firewall or security plugin to block direct access to the plugin’s administrative endpoints until a patch is applied.

Generated by OpenCVE AI on April 29, 2026 at 12:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Feb 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Vito Peleg
Vito Peleg atarim
Wordpress
Wordpress wordpress
Vendors & Products Vito Peleg
Vito Peleg atarim
Wordpress
Wordpress wordpress

Fri, 20 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.2.1.
Title WordPress Atarim plugin <= 4.2.1 - Broken Access Control vulnerability
Weaknesses CWE-862
References

Subscriptions

Vito Peleg Atarim
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:32:47.032Z

Reserved: 2025-12-15T10:00:44.500Z

Link: CVE-2025-67993

cve-icon Vulnrichment

Updated: 2026-02-24T21:32:18.916Z

cve-icon NVD

Status : Deferred

Published: 2026-02-20T16:22:05.500

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-67993

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T13:00:06Z

Weaknesses