Lucene search

K
cve[email protected]CVE-2024-2038
HistoryMay 23, 2024 - 7:15 a.m.

CVE-2024-2038

2024-05-2307:15:08
web.nvd.nist.gov
50
atarim plugin
wordpress
unauthorized access
hardcoded credentials
unauthenticated attackers
modify settings
delete posts
upload images

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.

Affected configurations

Vulners
Node
wpfeedbackvisual_website_collaboration\,_feedback_\&_project_management_–_atarimRange3.22.6

CNA Affected

[
  {
    "vendor": "wpfeedback",
    "product": "Visual Website Collaboration, Feedback & Project Management – Atarim",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "3.22.6",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Related for CVE-2024-2038