CVE-2024-2038 HIGH

CVE-2024-2038: Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

Vendor Wpfeedback
Product Atarim – Visual Feedback, Review & AI Collaboration
Weakness CWE-259
Published May 23, 2024
Last update April 8, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to modify plugin settings, delete posts, modify post titles, and upload images.

Key dates

02Disclosure timeline

May 23, 2024 CVE published
April 8, 2026 Record updated