CVE-2026-25019
Missing Authorization in Atarim Visual Collaboration
Publication date: 2026-02-03
Last updated on: 2026-02-03
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| atarim | atarim_visual_collaboration | 4.3.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-25019 is a broken access control vulnerability in the WordPress Atarim plugin versions up to and including 4.3.1.
This issue arises from missing authorization, authentication, or nonce token checks within certain plugin functions, allowing unauthenticated users to perform actions that require higher privileges.
It is classified under the OWASP Top 10 category A1: Broken Access Control.
How can this vulnerability impact me? :
The vulnerability allows unauthenticated users to perform actions that normally require higher privileges due to missing access control checks.
However, the CVSS severity score is 5.3, indicating a low priority and low impact threat.
It is considered unlikely to be exploited with significant impact.
Users are advised to update to version 4.3.2 or later to mitigate the risk.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-25019 vulnerability in the Atarim WordPress plugin, users should update the plugin to version 4.3.2 or later, where the issue is resolved.
Additionally, Patchstack offers mitigation solutions including auto-updates for vulnerable plugins, which can help maintain security automatically.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-25019 is a broken access control vulnerability that allows unauthenticated users to perform actions requiring higher privileges due to missing authorization checks.
Such broken access control issues can potentially lead to unauthorized access to sensitive data or system functions, which may impact compliance with standards like GDPR or HIPAA that require strict access controls and protection of personal or health information.
However, the vulnerability has a low CVSS severity score (5.3) and is considered unlikely to be exploited with significant impact, which may reduce the immediate compliance risk.
To maintain compliance, affected users should update to version 4.3.2 or later to mitigate the risk.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is a broken access control issue in the Atarim WordPress plugin versions up to 4.3.1, allowing unauthenticated users to perform privileged actions due to missing authorization checks.'}, {'type': 'paragraph', 'content': 'Detection typically involves checking the version of the Atarim plugin installed on your WordPress site to see if it is version 4.3.1 or earlier.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires no prior authentication, network detection might be challenging without specific exploit signatures.'}, {'type': 'paragraph', 'content': 'A practical approach is to run commands to identify the plugin version, for example, by querying the plugin files or using WP-CLI:'}, {'type': 'list_item', 'content': 'wp plugin list --status=active | grep atarim'}, {'type': 'list_item', 'content': "Check the plugin version in the plugin's main PHP file, e.g., by running: grep 'Version:' wp-content/plugins/atarim-visual-collaboration/atarim.php"}, {'type': 'paragraph', 'content': 'If the version is 4.3.1 or lower, the site is vulnerable and should be updated to version 4.3.2 or later.'}] [1]