AtomChat WordPress Plugin: Authenticated Users Can Change Settings

CVE-2026-1253
Summary

The AtomChat WordPress plugin is affected by a security issue that allows users with Subscriber-level access or higher to change sensitive settings, like API keys and authentication keys, without permission. This could lead to unauthorized changes to the plugin's behavior and security. Update the plugin to a version higher than 1.1.7 to fix this issue.

Original title
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_up...
Original description
The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_update_layout_ajax' functions in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options, including critical settings such as API keys, authentication keys, and layout configurations.
NVD CVSS 3.1: 5.3
Vulnerability type
CWE-862 Missing Authorization
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026
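
For sites that cannot update past 1.1.7 right away, the missing capability check described above can be enforced from outside the plugin. The following is an added example, not AtomChat's code or its official fix: a must-use plugin that places an administrator check in front of the two handlers named in the description. It assumes those functions are registered as `wp_ajax_*` callbacks under exactly those names and that `manage_options` is the appropriate capability; the `example_` names are hypothetical.

```php
<?php
/**
 * Added example (not AtomChat code): stop-gap guard for the two handlers
 * named in the advisory. Assumed location: wp-content/mu-plugins/.
 */
const EXAMPLE_GUARDED_CALLBACKS = array(
    'atomchat_update_auth_ajax',
    'atomchat_update_layout_ajax',
);

// Return the function or method name of a registered callback ('' for closures).
function example_callback_name( $callback ) {
    if ( is_string( $callback ) ) {
        return $callback;
    }
    if ( is_array( $callback ) && isset( $callback[1] ) && is_string( $callback[1] ) ) {
        return $callback[1];
    }
    return '';
}

// Reject the request before the plugin's handler runs unless the caller
// holds manage_options (assumed to be the right capability for settings).
function example_require_manage_options() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
}

// admin-ajax.php fires admin_init before it dispatches wp_ajax_{action},
// so plugins have already registered their handlers at this point.
add_action( 'admin_init', function () {
    global $wp_filter;
    if ( ! wp_doing_ajax() ) {
        return;
    }
    foreach ( $wp_filter as $hook => $registered ) {
        if ( strpos( $hook, 'wp_ajax_' ) !== 0 ) {
            continue;
        }
        foreach ( $registered->callbacks as $entries ) {
            foreach ( $entries as $entry ) {
                if ( in_array( example_callback_name( $entry['function'] ), EXAMPLE_GUARDED_CALLBACKS, true ) ) {
                    // Priority 0 runs ahead of the default priority 10.
                    add_action( $hook, 'example_require_manage_options', 0 );
                    continue 3;
                }
            }
        }
    }
} );
```

This guard only adds the authorization check; it does not add a nonce check, and it should be removed once the plugin is updated to a fixed version.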