CVE-2026-32447

Vulnerability

The Atarim plugin for WordPress (atarim-visual-collaboration) contains a missing authorization vulnerability in versions up to and including 4.3.2. This is a broken access control issue where the plugin fails to properly enforce access control checks on certain functions, allowing unprivileged users to perform actions that should require higher privileges [1].

Exploitation

An attacker can exploit this vulnerability without needing authentication, simply by sending crafted requests to the WordPress site. The lack of proper authorization checks means that any user, including unauthenticated visitors, can trigger privileged operations within the plugin [1].

Impact

Successful exploitation allows an attacker to execute actions that are normally restricted to higher-privileged users, such as administrators. This could lead to unauthorized modification of settings, data exposure, or other malicious activities depending on the plugin's capabilities [1].

Mitigation

The vulnerability has been addressed in version 4.3.3 of the Atarim plugin. Users are strongly advised to update to this version or later immediately. For those unable to update, contacting the hosting provider or web developer for assistance is recommended [1].