Lucene search
+L

68 matches found

CVE
CVE
added 2025/02/14 11:10 a.m.57 views

CVE-2024-13791

CVE-2024-13791 (Bit Assist for WordPress) is a path traversal vulnerability that affects Bit Assist up to version 1.5.2. An authenticated attacker with Administrator-level access can use downloadResponseFile() to read arbitrary server files containing sensitive information. Connected sources indi...

4.9CVSS6.6AI score0.00641EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/14 11:10 a.m.10 views

CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS6.5AI score0.00641EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/02/14 11:10 a.m.17 views

CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function

Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...

4.9CVSS0.00641EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/02/14 3:6 a.m.7 views

WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function vulnerability

Path Traversal to Authenticated Administrator+ Arbitrary File Read via downloadResponseFile Function vulnerability discovered by koffee in WordPress Plugin Bit Assist versions = 1.5.2...

4.9CVSS7AI score0.00641EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/02/14 3:6 a.m.7 views

WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...

6.5CVSS8.1AI score0.00548EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.7 views

PT-2025-6807 · WordPress · Bit Assist

Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers, with Subscriber-level access and above, to extract sensitive information from the database via time-based SQL Injectio...

6.5CVSS9.8AI score0.00548EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.6 views

WordPress plugin Bit Assist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.9CVSS7.9AI score0.00641EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.7 views

WordPress plugin Bit Assist SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

6.5CVSS8.8AI score0.00548EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/02/14 12:0 a.m.7 views

PT-2025-6611 · WordPress · Bit Assist

Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to read the contents of arbitrary files on the server, which can contain...

4.9CVSS9.2AI score0.00641EPSS
Exploits0References10
OSV
OSV
added 2023/12/29 11:15 a.m.5 views

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

4.8CVSS5.8AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 2023/12/29 11:15 a.m.28 views

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

5.9CVSS0.00328EPSS
Exploits0References1
Prion
Prion
added 2023/12/29 11:15 a.m.21 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

4.3CVSS7AI score0.00328EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/29 10:58 a.m.59 views

CVE-2023-51371

The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (

5.9CVSS5.1AI score0.00328EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/29 10:58 a.m.30 views

CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...

5.9CVSS5.9AI score0.00328EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/12/29 12:0 a.m.13 views

PT-2023-31794 · Unknown · Bit Assist Chat Widget

Name of the Vulnerable Software and Affected Versions: Bit Assist Chat Widget versions n/a through 1.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS in the Chat Widget, which includes...

5.9CVSS4.8AI score0.00328EPSS
Exploits0References7
Patchstack
Patchstack
added 2023/12/26 12:0 a.m.14 views

WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)

Software Bit Assist Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e6a54b9372e2 Credits emad Required privilege Administrator Publish...

5.9CVSS6.6AI score0.00328EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/29 12:0 a.m.7 views

Bit Assist < 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9AI score
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/19 12:0 a.m.5 views

WordPress Bit Assist Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)

Software Bit Assist Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6fe902b57878 Credits Unknown Required privilege Administrator...

6AI score
Exploits0References2Affected Software1
NVD
NVD
added 2023/08/21 5:15 p.m.22 views

CVE-2023-3667

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS4.7AI score0.00379EPSS
Exploits2References1
OSV
OSV
added 2023/08/21 5:15 p.m.7 views

CVE-2023-3667

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00379EPSS
Exploits2References1
Rows per page
Query Builder