68 matches found
CVE-2024-13791
CVE-2024-13791 (Bit Assist for WordPress) is a path traversal vulnerability that affects Bit Assist up to version 1.5.2. An authenticated attacker with Administrator-level access can use downloadResponseFile() to read arbitrary server files containing sensitive information. Connected sources indi...
CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
CVE-2024-13791 Bit Assist <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function
Bit Assist plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.2 via the downloadResponseFile function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server,...
WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function vulnerability
Path Traversal to Authenticated Administrator+ Arbitrary File Read via downloadResponseFile Function vulnerability discovered by koffee in WordPress Plugin Bit Assist versions = 1.5.2...
WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability
Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions = 1.5.2...
PT-2025-6807 · WordPress · Bit Assist
Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers, with Subscriber-level access and above, to extract sensitive information from the database via time-based SQL Injectio...
WordPress plugin Bit Assist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Bit Assist SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-6611 · WordPress · Bit Assist
Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to read the contents of arbitrary files on the server, which can contain...
CVE-2023-51371
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
CVE-2023-51371
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
CVE-2023-51371
The CVE-2023-51371 entry concerns the WordPress Bit Assist Plugin (
CVE-2023-51371 WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating...
PT-2023-31794 · Unknown · Bit Assist Chat Widget
Name of the Vulnerable Software and Affected Versions: Bit Assist Chat Widget versions n/a through 1.1.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows Stored XSS in the Chat Widget, which includes...
WordPress Bit Assist Plugin <= 1.1.9 is vulnerable to Cross Site Scripting (XSS)
Software Bit Assist Type Plugin Vulnerable versions = 1.1.9 Fixed in 1.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51371 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e6a54b9372e2 Credits emad Required privilege Administrator Publish...
Bit Assist < 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The Bit Assist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
WordPress Bit Assist Plugin < 1.2 is vulnerable to Cross Site Scripting (XSS)
Software Bit Assist Type Plugin Vulnerable versions 1.2 Fixed in 1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6fe902b57878 Credits Unknown Required privilege Administrator...
CVE-2023-3667
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-3667
The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...