WordPress Bit Assist plugin <= 1.5.2 - Path Traversal to Authenticated (Administrator+) Arbitrary File Read via downloadResponseFile Function vulnerability

Path Traversal to Authenticated Administrator+ Arbitrary File Read via downloadResponseFile Function vulnerability discovered by koffee in WordPress Plugin Bit Assist versions = 1.5.2...

PT-2025-6611 · WordPress · Bit Assist

Name of the Vulnerable Software and Affected Versions: Bit Assist plugin for WordPress versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to read the contents of arbitrary files on the server, which can contain...