CVE-2025-60187 MEDIUM

CVE-2025-60187: WordPress Atarim plugin <= 4.2.1 - Arbitrary File Upload vulnerability

Vendor: Vito Peleg
Product: Atarim
Weakness: CWE-434 · Unrestricted file upload
Published: November 6, 2025
Last update: April 28, 2026

CVSS base score

4.8/10
Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Unrestricted Upload of File with Dangerous Type vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Using Malicious Files. This issue affects Atarim: from n/a through <= 4.2.1.

Explanation of Vulnerability in Simple Terms

02 Summary

Atarim versions up to 4.2.1 contain an unrestricted file upload vulnerability. An attacker can upload files to the application without proper validation, potentially allowing them to store malicious files on the server. The attack requires specific conditions to be met but does not require authentication or user interaction.

What an attacker can do

03 Attacker Capabilities

Upload files to the server without proper validation, potentially storing malicious content.

Potential impact on your site

04 Site Impact

Malicious files could be stored on your server, risking data exposure or further compromise depending on file type and location.

Conditions required to exploit

05 Prerequisites

Network access to the application; specific attack conditions must be met (high complexity).

Key dates

06 Disclosure timeline

November 6, 2025: CVE published
April 28, 2026: Record updated