CVE-2024-2038
Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.
| CWE | CWE-259 |
| Vendor | wpfeedback |
| Product | atarim – visual feedback, review & ai collaboration |
| Published | May 23, 2024 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpfeedback atarim – visual feedback, review & ai collaboration
Be the first to know when new high vulnerabilities affecting wpfeedback atarim – visual feedback, review & ai collaboration are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wpfeedback / Atarim – Visual Feedback, Review & AI Collaboration
0 ≤ 3.22.6
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/29532f4d-e830-4c99-ad77-076eebbbe98d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/tags/3.18/inc/wpf_api.php plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?old=3076514&old_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php&new=3090249&new_path=atarim-visual-collaboration%2Ftrunk%2Fatarim-visual-collaboration.php
Credits
Lucio Sá