Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through <= 4.3.2.
AnalysisAI
Atarim visual collaboration through version 4.3.2 contains an authorization bypass vulnerability that allows authenticated users to modify data they should not have access to due to incorrectly configured access controls. An attacker with valid credentials can exploit this misconfiguration to perform unauthorized modifications within the application. No patch is currently available for this vulnerability.
Technical ContextAI
This vulnerability is classified under CWE-862 (Missing Authorization), which represents a failure to properly enforce authorization policies after authentication has occurred. The Atarim visual collaboration plugin (CPE identifier: cpe:2.3:a:vito_peleg:atarim-visual-collaboration) operates as a WordPress or content collaboration extension that manages access control to collaborative editing features and shared resources. The root cause stems from incorrect configuration or implementation of role-based access control (RBAC) mechanisms that fail to validate user permissions before allowing modification operations, allowing authenticated users to escalate their implicit permissions beyond their assigned security level.
RemediationAI
Immediately upgrade Atarim visual collaboration to version 4.3.3 or later when available, as this is the primary remediation path. Until patches are deployed, enforce strict role-based access control by auditing and restricting user permissions within Atarim settings, disabling collaborative editing for lower-privilege users, and limiting access to sensitive shared resources to only administrators or trusted power users. Implement network-level access controls to restrict Atarim plugin access to authenticated, internal networks only, and enable comprehensive audit logging to detect unauthorized modification attempts. Review audit logs for any suspicious permission escalation or unauthorized modifications performed by low-privilege accounts.
Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low at
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor pat
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11993