Visual Website Collaboration, Feedback & Project Management – Atarim, bbe69f8fc5d39676b07cb8a8e98e16d8826d1086
- CVE, Research URL
- Home page URL
-
Security reports for Visual Website Collaboration, Feedback & Project Management – Atarim
- Published on
- Jul 07, 2023
- Research Description
- Visual Website Collaboration, Feedback & Project Management – Atarim [atarim-visual-collaboration] < 3.9.2. Atarim - Client Interface <= 3.9.1 - Missing Authorization via AJAX actions. The Atarim - Client Interface plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the avc_send_invitations and avc_delete_invitations functions in versions up to, and including, 3.9.1. This makes it possible for unauthenticated attackers to delete arbitrary accounts (and the content they created) on the site. The creation of accounts is also possible, although new accounts are limited to the default role or subscriber, whichever is higher.
- Affected versions
- max 3.9.2.
- Status
- vulnerable