CVE-2024-12104: CWE-862 Missing Authorization in wpfeedback Visual Website Collaboration, Feedback & Project Management – Atarim
CVE-2024-12104 is a medium-severity vulnerability in the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin (wpfeedback). It arises from missing authorization checks on the wpf_delete_file functions, allowing unauthenticated attackers to delete project pages and files. This vulnerability affects all versions up to and including 4.0.9. Exploitation requires no authentication or user interaction and can lead to unauthorized data loss, impacting the integrity of project data. Although no known exploits are currently reported in the wild, the vulnerability poses a risk to websites using this plugin, especially those relying on it for project management and collaboration. Organizations using this plugin should prioritize patching or applying mitigations to prevent unauthorized deletions. The CVSS score is 5.3, reflecting a medium severity due to the lack of confidentiality or availability impact but a significant integrity risk.
AI Analysis
Technical Summary
CVE-2024-12104 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress, developed by wpfeedback. The flaw exists because the plugin fails to perform proper capability checks on the wpf_delete_file functions, which are responsible for deleting project pages and files. This missing authorization allows unauthenticated attackers to invoke these functions remotely and delete critical project data without any credentials or user interaction. The vulnerability affects all versions up to and including 4.0.9 of the plugin. The CVSS 3.1 base score is 5.3, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), integrity impact (I:L), and no availability impact (A:N). This means the primary impact is unauthorized modification (deletion) of data, which can disrupt project workflows and cause data loss. No patches or fixes are currently linked, and no known exploits have been reported in the wild, but the vulnerability is publicly disclosed and should be addressed promptly. The plugin is used for website collaboration and project management, making affected sites potentially vulnerable to sabotage or data integrity attacks.
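To make the CWE-862 pattern concrete, here is an added illustration (not code from the Atarim plugin) of a WordPress AJAX delete handler in the shape the advisory describes, followed by the hardened form a patch would introduce. All hook, function and parameter names (`example_delete_file`, `file_id`, the nonce action) are hypothetical; the two handlers are shown side by side for comparison, while a real plugin would register only the checked one.

```php
<?php
// Added illustration, not the plugin's own code. Hook and parameter
// names are hypothetical.

// Pattern the advisory describes: the delete action performs no
// capability check, and registering it on the nopriv hook exposes it
// to visitors who are not logged in at all.
add_action( 'wp_ajax_example_delete_file', 'example_delete_file_unchecked' );
add_action( 'wp_ajax_nopriv_example_delete_file', 'example_delete_file_unchecked' );
function example_delete_file_unchecked() {
    $attachment_id = absint( $_POST['file_id'] ?? 0 );
    wp_delete_attachment( $attachment_id, true ); // no authorization, no nonce
    wp_send_json_success();
}

// Hardened form: no nopriv registration (only logged-in users reach the
// hook), the request must carry a valid nonce, and the caller must hold
// a capability scoped to the specific object being deleted.
add_action( 'wp_ajax_example_delete_file_checked', 'example_delete_file_checked' );
function example_delete_file_checked() {
    // Ends the request with HTTP 403 when the nonce is missing or stale.
    check_ajax_referer( 'example_delete_file', 'nonce' );

    $attachment_id = absint( $_POST['file_id'] ?? 0 );
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }
    // Object-level authorization: delete_post is a meta capability mapped
    // per post, so a user can only delete files they own or administer,
    // not arbitrary IDs supplied in the request.
    if ( ! current_user_can( 'delete_post', $attachment_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    if ( ! wp_delete_attachment( $attachment_id, true ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success();
}
```

The nonce check defends against cross-site request forgery, but it is the `current_user_can()` call that closes the CWE-862 gap; a nonce alone does not establish that the caller is authorized to delete the object.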
Potential Impact
The primary impact of CVE-2024-12104 is unauthorized deletion of project pages and files, which compromises data integrity. For organizations relying on the Atarim plugin for project management and website collaboration, this can lead to loss of critical project documentation, delays in development cycles, and potential disruption of client deliverables. Since the vulnerability requires no authentication or user interaction, it can be exploited remotely by any attacker scanning for vulnerable sites, increasing the risk of automated attacks. Although availability and confidentiality are not directly affected, the integrity loss can undermine trust in project data and cause operational setbacks. Organizations with large-scale web development teams or client-facing project management portals are particularly at risk. The absence of known exploits in the wild reduces immediate threat but does not eliminate the risk, especially as public disclosure may lead to exploit development. The vulnerability could also be leveraged as part of a broader attack chain to disrupt business operations or extort organizations dependent on the plugin.
Mitigation Recommendations
1. Immediately update the Atarim plugin to a version that includes proper authorization checks once a patch is released by the vendor. Monitor official channels for patch announcements.
2. In the absence of an official patch, implement web application firewall (WAF) rules to block or restrict access to the wpf_delete_file endpoints or functions, especially from unauthenticated users or suspicious IP addresses.
3. Restrict access to the WordPress admin and plugin endpoints using IP whitelisting or VPN access controls to reduce exposure.
4. Regularly back up project pages and files managed by the plugin to enable quick restoration in case of deletion.
5. Conduct periodic audits of plugin permissions and capabilities to ensure no unauthorized access paths exist.
6. Monitor web server and WordPress logs for unusual deletion requests or access patterns targeting the plugin's delete functions.
7. Educate development and IT teams about the vulnerability and encourage vigilance for suspicious activity related to project management plugins.
8. Consider temporarily disabling the Atarim plugin if it is not critical until a secure version is available.
Affected Countries
United States, United Kingdom, Germany, Canada, Australia, India, France, Netherlands, Brazil, Japan
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-12-03T15:45:59.027Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6e2db7ef31ef0b5974df
Added to database: 2/25/2026, 9:48:29 PM
Last enriched: 2/26/2026, 6:42:57 AM
Last updated: 2/26/2026, 7:13:42 AM