VYPR
Medium severity5.3NVD Advisory· Published Jan 21, 2025· Updated Apr 8, 2026

CVE-2024-12104

CVE-2024-12104

Description

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wpf_delete_file functions in all versions up to, and including, 4.0.9. This makes it possible for unauthenticated attackers to delete project pages and files. CVE-2025-22657 may be a duplicate of this issue.

Affected products

3
  • Atarim/Atarim2 versions
    cpe:2.3:a:atarim:atarim:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:atarim:atarim:*:*:*:*:*:wordpress:*:*range: <4.1.0
    • (no CPE)range: <=4.0.9
  • WordPress/Atarimwp-canonicalize

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.