CVE-2025-22657
Published: 18 February 2025
Description
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.0.9.
Security Summary
CVE-2025-22657 is a missing authorization vulnerability (CWE-862) in the Atarim Visual Collaboration WordPress plugin by Vito Peleg. The issue allows exploiting incorrectly configured access control security levels and affects all versions of Atarim from n/a through 4.0.9. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for significant availability disruption without privileges or user interaction.
An unauthenticated remote attacker can exploit this vulnerability over the network with low attack complexity. Exploitation enables arbitrary content deletion, leading to high-impact denial of service on affected WordPress sites by disrupting access to or integrity of site content.
The Patchstack advisory identifies this as an arbitrary content deletion vulnerability in the WordPress Atarim plugin up to version 4.0.9 and provides details on the issue. Security practitioners should consult the advisory at https://patchstack.com/database/Wordpress/Plugin/atarim-visual-collaboration/vulnerability/wordpress-atarim-plugin-4-0-9-arbitrary-content-deletion-vulnerability?_s_id=cve for recommended mitigations.
Details
- CWE(s)