CVE-2025-60188
Published: 06 November 2025
Summary
CVE-2025-60188 is a high-severity Insertion of Sensitive Information Into Sent Data (CWE-201) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 16.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is an Insertion of Sensitive Information Into Sent Data flaw, tracked as CWE-201, in the Atarim Visual Collaboration plugin for WordPress. It affects all versions through 4.2.1 and permits retrieval of embedded sensitive data, carrying a CVSS 3.1 score of 7.5 due to network accessibility without authentication.
Unauthenticated remote attackers can exploit the issue to extract confidential information from the affected plugin component. No user interaction or privileges are required, enabling direct confidentiality compromise over the network.
The Patchstack advisory describes the exposure in the WordPress Atarim plugin at version 4.2 and provides details on the sensitive data disclosure.
The EPSS score rose from a low baseline to a peak of 0.0550 on 2026-03-08 before receding to the current value of 0.0194, indicating a temporary increase in exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-38127
Vulnerability details
Insertion of Sensitive Information Into Sent Data vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Retrieve Embedded Sensitive Data. This issue affects Atarim: from n/a through <= 4.2.1.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Embedding taints in sensitive data allows detection when that data is inserted into outbound or sent data streams.