68 matches found
CVE-2025-30834
CVE-2025-30834 describes an unauthenticated path traversal in the WordPress Bit Assist plugin (Bit Apps) affecting Bit Assist versions up to 1.5.4. The vulnerability enables path traversal without authentication (attack vector: network, no user interaction, low complexity, no privileges required)...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-14053 · Bit Apps · Bit Assist
Name of the Vulnerable Software and Affected Versions: Bit Assist versions 1.5.4 and earlier Description: The issue is a Path Traversal vulnerability in Bit Apps Bit Assist, allowing unauthorized access to files and directories. Recommendations: For versions 1.5.4 and earlier, update to a version...
WordPress Bit Assist plugin <= 1.5.4 - Path Traversal vulnerability
Path Traversal vulnerability discovered by Falgun Patel in WordPress Plugin Bit Assist versions = 1.5.4...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter vulnerability
Path Traversal to Authenticated Subscriber+ Arbitrary File Read via fileID Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...
CVE-2025-0821
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13791
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-0822
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
CVE-2025-0822 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Subscriber+) Arbitrary File Read via fileID Parameter
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the fileID Parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contai...
PT-2025-6808 · WordPress · Bit Assist
Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can contain sensiti...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-0821
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-0821
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2024-13791
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2024-13791
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2025-0821
CVE-2025-0821 Bit Assist for WordPress: The Bit Assist plugin is vulnerable to a time-based SQL Injection via the id parameter in all versions up to 1.5.2. An authenticated attacker with Subscriber+ privileges can inject additional SQL into existing queries to exfiltrate data. The CVE entry notes...
CVE-2025-0821 Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-0821 Bit Assist <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter
Bit Assist plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...